Press "Enter" to skip to content

Practical Guide to PKI with Windows Server

Now for sale, the book version of the Building a Certificate Authority in Windows Server 2019 guide. The guide has been greatly expanded and includes many additional details and steps that were not included in the original guide.

The book is currently available for sale on Amazon in Kindle and Paperback formats:

The book is also available for purchase on Gumroad in PDF format:

What’s inside?

  • A 398-page complete guide to implementing a Two-Tier Certificate Authority using Windows Server 2019.
  • An in-depth step-by-step guide for building all components of a CA.
  • A quick start guide for quickly creating a CA using AD CS.
  • A guide to implementing an Offline Root CA and an Enterprise CA.
  • A guide to implementing OCSP with AD CS.
  • A guide to installing and configuring Hyper-V.
  • Instructions using the GUI and the CLI for installation and configuration.
  • Over 350 screenshots and diagrams.
  • Over 125 configuration commands and sample configurations.

Table of Contents

Included in the book are 12 Chapters which explain the process for creating a Certificate Authority using Active Directory Certificate Services:

  1. Public Key Infrastructure Overview
  2. Certificate Authority Test Environment
  3. Domain Controller and Workstation Setup
  4. Office Root CA Setup
  5. Subordinate CA Setup
  6. Deploy Root and Subordinate Certificates
  7. Online Responder Role Configuration
  8. Private Key Archive and Recovery
  9. Certificate Template Customization
  10. Certificate Enrollment
  11. AD CS Post-Implementation Tasks
  12. AD CS Quick Start

Also included is a Glossary, a list of all commands used in the book and a complete Index.

Who Is This Book For?

The purpose of this book is to create a Certificate Authority using Active Directory Certificate Services (AD CS) with Microsoft Windows Server. This book offers a comprehensive step-by-step guide that demonstrates how to successfully create a Certificate Authority using those technologies.

This book also explains each step, the necessity of that step, and the importance of that step within the Certificate Authority. The results of this book will create a Certificate Authority that can issue certificates internally within an organization in a secure manner, using best practices.

This book is meant for developers, network administrators and systems administrators who have a basic understanding of Windows Server and Public Key Infrastructures and need to deploy a Certificate Authority rapidly within their environment for various purposes. By using the steps provided in this book, there will be a Certificate Authority framework created that can be customized for whatever requirements are needed in any environment.

This book is also meant to be used by developers, network administrators and system administrators who can interpret this guide and modify it for their existing environment. Simply following this guide will not implement a functioning PKI for your organization, you will need to modify the steps accordingly to make it function properly. This means creating different servers, modifying steps for different Active Directory domains, modifying LDAP settings, modifying file paths, creating different certificates, and other critical steps as needed.

The contents of this book are presented in a thorough, but easy to follow manner. Screenshots are provided for important steps for verification purposes and to demonstrate how the environment should be configured.