Practical Guide to PKI with Windows Server - First Edition

Now for sale, the book version of the Building a Certificate Authority in Windows Server 2019 guide. The guide has been greatly expanded and includes many additional details and steps that were not included in the original guide.

The book is currently available for sale on Amazon in Paperback format:

Buy on Amazon

The book is also available for sale on Gumroad in PDF format:

Buy on Gumroad

What’s Inside?

  • A 398 page complete guide for implementing a Two-Tier Certificate Authority using Windows Server 2019.
  • An in-depth, step-by-step guide for building all components of a CA.
  • A quick start guide for quickly creating a CA using AD CS.
  • A guide to implementing an Offline Root CA and an Enterprise CA.
  • A guide to implementing OCSP with AD CS.
  • A guide to installing and configuring Hyper-V.
  • Instructions using the GUI and the CLI for installation and configuration.
  • Over 350 screenshots and diagrams.
  • Over 125 configuration commands and sample configurations.

Table of Contents

Included in the book are 12 chapters which explain the process for creating a Certificate Authority using Active Directory Certificate Services:

  1. Public Key Infrastructure Overview
  2. Certificate Authority Test Environment
  3. Domain Controller and Workstation Setup
  4. Offline Root CA Setup
  5. Subordinate CA Setup
  6. Deploy Root and Subordinate Certificates
  7. Online Responder Role Configuration
  8. Private Key Archive and Recovery
  9. Certificate Template Customization
  10. Certificate Enrollment
  11. AD CS Post-Implementation Tasks
  12. AD CS Quick Start

Also included is a Glossary, a list of all commands used in the book and a complete Index.

Who Is This Book For?

The purpose of this book is to create a Certificate Authority using Active Directory Certificate Services (AD CS) with Microsoft Windows Server. This book offers a comprehensive step-by-step guide that demonstrates how to successfully create a Certificate Authority using those technologies.

This book also explains each step, the necessity of that step, and the importance of that step within the Certificate Authority. The results of this book will create a Certificate Authority that can issue certificates internally within an organization in a secure manner, using best practices.

This book is meant for developers, network administrators and systems administrators who have a basic understanding of Windows Server and Public Key Infrastructures and need to deploy a Certificate Authority rapidly within their environment for various purposes. By using the steps provided in this book, there will be a Certificate Authority framework created that can be customized for whatever requirements are needed in any environment.

This book is also meant to be used by developers, network administrators and system administrators who can interpret this guide and modify it for their existing environment. Simply following this guide will not implement a functioning PKI for your organization, you will need to modify the steps accordingly to make it function properly. This means creating different servers, modifying steps for different Active Directory domains, modifying LDAP settings, modifying file paths, creating different certificates, and other critical steps as needed.

The contents of this book are presented in a thorough, but easy to follow manner. Screenshots are provided for important steps for verification purposes and to demonstrate how the environment should be configured.

Behind the Scenes

For more information on how I wrote the book and what challenges I encountered while writing it, check out the Practical Guide to PKI with Windows Server – Behind the Scenes page.

For a follow-up on this book, check out the Practical Guide to PKI with Windows Server - One Year Later page.

Updates and Additional Materials

If there are any updates for the book or additional materials, they will be posted to this page.

January 21, 2024 Update

  • Added a command listing for customers who purchased the paperback version of the book, which can be found on this page.

This site uses cookies. By continuing to use this website you agree to their use. To find out more about how this site uses cookies, including how to control cookies used for this website, please review the Privacy Policy and Cookie Policy.