Practical Guide to PKI with Windows Server
by Matthew Burr
Copyright © 2021 Matthew Burr (https://mjcb.io/)
All rights reserved. This publication is protected by copyright, and permission must be obtained prior to any reproduction of this publication. No part of the contents of this book may be reproduced or transmitted in any form or by any means without the express written permission of the author.
ISBN: 978-1-7774422-0-0
ISBN: 978-1-7774422-1-7
Trademarks
• Active Directory Domain Services, Active Directory Certificate Services, Edge, File Explorer, Hyper-V, Internet Explorer, Microsoft Certificate Server, Windows 10, Windows Server (2000, 2003, 2003 R2, 2008, 2008 R2, 2012, 2012 R2, 2016 and 2019) and Windows Update are trademarked to the Microsoft Corporation.
• Android and Chrome are trademarked to Google LLC.
• Apache HTTP Server is trademarked to the Apache Software Foundation.
• Firefox is trademarked to the Mozilla Foundation.
• iOS, iPad, iPadOS, iPhone, macOS, and Safari are trademarked to Apple Inc.
• Linux is trademarked to Linus Torvalds in the U.S. and other countries.
• Nginx is trademarked to F5 Networks, Inc.
• OpenSSL is trademarked to the OpenSSL Software Foundation.
• Ubuntu is trademarked to Canonical Ltd.
• VirtualBox is trademarked to Oracle.
• VMware Workstation is trademarked to VMware Inc.
Warning and Disclaimer
This book expresses the author's views and opinions. The information contained within this book is provided without any express, statutory, or implied warranties. The author will not be held liable for any damages caused by or alleged to be caused directly or indirectly by this book. Reasonable efforts have been made to ensure the accuracy of the information and contents of this book. Even though all precautions have been taken in the research and publication of this book, the author assumes no responsibility for errors or omissions. No liability is assumed for damages resulting from the use of the information contained in this book.
The examples contained within this book make references to companies, domain names, e-mail addresses, users, organizations, and other scenarios. All references that are contained within this book are fictitious. There is no association with any real company with any of the provided examples.
It is strongly recommended to test the steps and procedures provided in this book prior to using them in a production environment. Details on how to test the steps and procedures in this book are provided.
The author reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
Revision History
2021-09-13 - First Edition Release
Additional Information
See https://mjcb.io/publications/practical-guide-to-pki-with-windows-server/ for additional details, updates, and any online resources for this book.
I would like to dedicate this book to my wife, who has supported me for all the time that I spent working on this book, and on all the other projects that I enjoy working on.
Contents at a Glance
About the Author . . . . . xiii
Preface . . . . . xv
Introduction . . . . . xix
Chapter 1 - Public Key Infrastructure Overview . . . . . 1
Chapter 2 - Certificate Authority Test Environment . . . . . 25
Chapter 3 - Domain Controller and Workstation Setup . . . . . 51
Chapter 4 - Offline Root CA Setup . . . . . 87
Chapter 5 - Subordinate CA Setup . . . . . 141
Chapter 6 - Deploy Root and Subordinate Certificates . . . . . 205
Chapter 7 - Online Responder Role Configuration . . . . . 219
Chapter 8 - Private Key Archive and Recovery . . . . . 251
Chapter 9 - Certificate Template Customization . . . . . 265
Chapter 10 - Certificate Enrollment . . . . . 285
Chapter 11 - AD CS Post-Implementation Tasks . . . . . 311
Chapter 12 - AD CS Quick Start . . . . . 325
Glossary . . . . . 359
Commands . . . . . 367
Index . . . . . 371
Contents at a Glance | v
Table of Contents
About the Author . . . . . xiii
Preface . . . . . xv
  Who Is This Book For? . . . . . xv
  Conventions Used in This Book . . . . . xv
    Text Conventions . . . . . xvi
    Information Boxes . . . . . xvii
Introduction . . . . . xix
  Goals of This Book . . . . . xix
  What Won't This Book Cover? . . . . . xx
  Before You Start . . . . . xx
    Software Requirements . . . . . xxi
    AD CS Installation and Configuration Options . . . . . xxi
    Virtualization Requirements . . . . . xxi
  Organization of this Book . . . . . xxii
Chapter 1 - Public Key Infrastructure Overview . . . . . 1
  What Is a Public Key Infrastructure? . . . . . 2
  Active Directory Certificate Services Overview . . . . . 4
  Active Directory Certificate Services Roles . . . . . 6
  Certificate Authority Hierarchies . . . . . 7
    One-Tier Certificate Authority . . . . . 8
    Two-Tier Certificate Authority . . . . . 9
    Three-Tier Certificate Authority . . . . . 10
  Certificate Authority and PKI Terminology . . . . . 12
  X.509 Certificates . . . . . 12
  Certificate Attributes . . . . . 15
  Certificate Revocation Lists . . . . . 16
  Certificate Types . . . . . 17
  Private Enterprise Numbers . . . . . 19
  Why Use an Offline Root CA? . . . . . 20
  Windows Certificate Management . . . . . 21
  Public Key Infrastructure Overview Next Steps . . . . . 23
Chapter 2 - Certificate Authority Test Environment . . . . . 25
  Certificate Authority Environment Design and Overview . . . . . 26
  Certificate Authority Design Considerations . . . . . 29
  Certificate Hierarchy Overview . . . . . 30
  AD CS Internal URLs . . . . . 32
  AD CS Important Files . . . . . 33
    AD CS Important Files - TFS-CA01 . . . . . 33
    AD CS Important Files - TFS-DC01 . . . . . 34
    AD CS Important Files - TFS-ROOT-CA . . . . . 35
  AD CS Security Considerations . . . . . 35
  Certificate Authority Naming Conventions . . . . . 36
  Hyper-V Configuration . . . . . 37
    Hyper-V Requirements . . . . . 38
    Hyper-V Installation . . . . . 40
      Enable Hyper-V using the Control Panel . . . . . 40
      Enable Hyper-V using PowerShell . . . . . 41
      Enable Hyper-V using DISM . . . . . 42
    Hyper-V Network Setup . . . . . 42
    Hyper-V Virtual Machine Generation . . . . . 44
    Hyper-V Checkpoints . . . . . 44
    Hyper-V Virtual Machine Creation . . . . . 45
    Hyper-V Virtual Machine Connection . . . . . 46
    Hyper-V Disk Virtual Floppy Disk Management . . . . . 48
  Certificate Authority Test Environment Next Steps . . . . . 50
Chapter 3 - Domain Controller and Workstation Setup . . . . . 51
  Domain Controller Server Setup . . . . . 52
  AD DS Role Installation . . . . . 53
    AD DS Role Installation - GUI Installation . . . . . 53
    AD DS Role Installation - CLI Installation . . . . . 59
  AD DS Role Configuration . . . . . 60
    AD DS Role Configuration - GUI Configuration . . . . . 62
    AD DS Role Configuration - CLI Configuration . . . . . 67
    AD DS Role Configuration - Validation . . . . . 69
  Create an Active Directory OU Structure . . . . . 70
    Create an Active Directory OU Structure - GUI Configuration . . . . . 70
    Create an Active Directory OU Structure - CLI Configuration . . . . . 73
  Create Domain User Accounts . . . . . 74
    Create Domain User Accounts - GUI Configuration . . . . . 75
    Create Domain User Accounts - CLI Configuration . . . . . 78
  Workstation Creation and Domain Join . . . . . 79
  LDAP over SSL for Active Directory . . . . . 82
  Domain Controller and Workstation Next Steps . . . . . 86
Chapter 4 - Offline Root CA Setup . . . . . 87
  Root CA Server Setup . . . . . 88
    Optional: Add BitLocker on the Root CA . . . . . 89
      Add BitLocker on the Root CA - GUI Installation . . . . . 91
      Add BitLocker on the Root CA - CLI Installation . . . . . 96
    Optional: Configure Group Policy for BitLocker on the Root CA . . . . . 97
    Optional: Enable BitLocker on the Root CA . . . . . 99
    Optional: Test BitLocker on the Root CA . . . . . 102
      Test the BitLocker Recovery Key . . . . . 102
      Mount the BitLocker Hard Disk on Another Device . . . . . 103
      Back Up the BitLocker Recovery Key . . . . . 104
    Optional: Disable Windows Update on the Root CA . . . . . 105
  Root CA Server Local Policies . . . . . 108
  Root CA CAPolicy.inf Installation . . . . . 110