AD CS on Windows Server 2022
Now available for download, the AD CS on Windows Server 2022 guide for creating a Two-Tier Certificate Authority using Active Directory Certificate Services and Windows Server 2022.
Just like the Building a Certificate Authority in Windows Server 2019 guide that I released previously, this guide is also available for free.
This is a free download, and is available on Gumroad for distribution (enter $0 when checking out).
This guide is the successor to the Building a Certificate Authority in Windows Server 2019 guide that I released in early 2022. It is also based on the multi-part AD CS on Windows Server 2022 guide that I released in the summer of 2023.
This guide is updated with additional information on how to deploy a Certificate Authority, and updated for Windows Server 2022. Just like the original guide, it does not add any additional functionality such as automatic deployment using Group Policy or configuring the Online Responder role, but those can be added in the future if needed.
- A 44 page guide for implementing a Two-Tier Certificate Authority using Windows Server 2022 and Active Directory Certificate Services.
- A guide for installing and configuring Active Directory Domain Services.
- A guide for creating an offline Standalone/Root CA.
- A guide for creating an online Enterprise/Subordinate CA.
- Instructions that use the CLI for installation and configuration whenever possible.
Table of Contents
Included in the guide are 6 sections which explain the process for creating a Two-Tier Certificate Authority using Active Directory Certificate Services and Windows Server 2022:
- Certificate Authority Test Environment
- Active Directory Setup
- Root CA Setup
- Subordinate CA Setup
- AD CS Post-Implementation Tasks
- AD CS Next Steps
Who Is This Guide For?
The purpose of this guide is to create a Certificate Authority using Active Directory Certificate Services (AD CS) with Windows Server 2022. This guide offers a rapid step-by-step guide that demonstrates how to successfully create a Certificate Authority using those technologies.
This guide is meant for developers, network administrators and systems administrators who have a basic understanding of Windows Server and Public Key Infrastructures and need to deploy a Certificate Authority rapidly within their environment for various purposes. By using the steps provided in this guide, there will be a Certificate Authority framework created that can be customized for whatever requirements are needed in any environment.
This guide is also meant to be used by developers, network administrators and system administrators who can interpret this guide and modify it for their existing environment. Simply following this guide will not implement a functioning PKI for your organization, you will need to modify the steps accordingly to make it function properly. This means creating different servers, modifying steps for different Active Directory domains, modifying LDAP settings, modifying file paths, creating different certificates, and other critical steps as needed.
Updates and Additional Materials
There are several resources for expanding upon the functionality of this guide:
- AD CS on Windows Server 2019 guide on docs.mjcb.io.
- AD CS on Windows Server 2022 guide on docs.mjcb.io.