What good is a Certificate Authority in an Active Directory environment if there is no way to automatically deploy the Certificates? Luckily, with the use of Group Policy and a few configuration changes to Certificate Templates, this is a fairly easy task.
For every Certificate Authority, it is inevitable that you are eventually going to need to revoke a Certificate for one reason or another. The Online Responder Role in Active Directory Certificate Services is capable of rapidly revoking Certificates and ensuring that users in your organization are notified as quickly as possible.
Once the Certificate Authority has been created it is time to deploy those Certificates to the organization. Through the use of Group Policy with Active Directory, this is a fairly easy task, and can deploy the Certificates to the organization in only a few minutes.
Once the Root CA has been created, the Subordinate CA needed to be setup. This Subordinate CA is needed to do all of the work for the Certificate Authority. It will issue all Certificates to the organization and handle the day to day operations.
The first step in establishing a two-tier Certificate Authority is the creation of the Root Certificate. The Root Certificate is the most important part of the Certificate Trust, and it is critical that this is setup properly and securely from day one.