For every Certificate Authority, it is inevitable that you are eventually going to need to revoke a Certificate for one reason or another. The Online Responder Role in Active Directory Certificate Services is capable of rapidly revoking Certificates and ensuring that users in your organization are notified as quickly as possible.
Once the Certificate Authority has been created it is time to deploy those Certificates to the organization. Through the use of Group Policy with Active Directory, this is a fairly easy task, and can deploy the Certificates to the organization in only a few minutes.
Once the Root CA has been created, the Subordinate CA needed to be setup. This Subordinate CA is needed to do all of the work for the Certificate Authority. It will issue all Certificates to the organization and handle the day to day operations.
The first step in establishing a two-tier Certificate Authority is the creation of the Root Certificate. The Root Certificate is the most important part of the Certificate Trust, and it is critical that this is setup properly and securely from day one.
This is the start of an 8-part series on building a Certificate Authority using Active Directory Certificate Services in Windows Server 2019. The process is quite involved, but with this guide and planning on your part, you should be able to build this important Infrastructure component with ease.