GitHub Toggle Dark/Light/Auto modeToggle Dark/Light/Auto modeToggle Dark/Light/Auto mode Back to homepage

First Edition

Practical Guide to PKI with Windows Server - First Edition

What’s Inside?

  • A 398 page complete guide for implementing a Two-Tier Certificate Authority using Windows Server 2019.
  • An in-depth, step-by-step guide for building all components of a CA.
  • A quick start guide for quickly creating a CA using AD CS.
  • A guide to implementing an Offline Root CA and an Enterprise CA.
  • A guide to implementing OCSP with AD CS.
  • A guide to installing and configuring Hyper-V.
  • Instructions using the GUI and the CLI for installation and configuration.
  • Over 350 screenshots and diagrams.
  • Over 125 configuration commands and sample configurations.

Table of Contents

Included in the book are 12 chapters which explain the process for creating a Certificate Authority using Active Directory Certificate Services:

  1. Public Key Infrastructure Overview
  2. Certificate Authority Test Environment
  3. Domain Controller and Workstation Setup
  4. Offline Root CA Setup
  5. Subordinate CA Setup
  6. Deploy Root and Subordinate Certificates
  7. Online Responder Role Configuration
  8. Private Key Archive and Recovery
  9. Certificate Template Customization
  10. Certificate Enrollment
  11. AD CS Post-Implementation Tasks
  12. AD CS Quick Start

Also included is a Glossary, a list of all commands used in the book and a complete Index.

Who Is This Book For?

The purpose of this book is to create a Certificate Authority using Active Directory Certificate Services (AD CS) with Microsoft Windows Server. This book offers a comprehensive step-by-step guide that demonstrates how to successfully create a Certificate Authority using those technologies.

This book also explains each step, the necessity of that step, and the importance of that step within the Certificate Authority. The results of this book will create a Certificate Authority that can issue certificates internally within an organization in a secure manner, using best practices.

This book is meant for developers, network administrators and systems administrators who have a basic understanding of Windows Server and Public Key Infrastructures and need to deploy a Certificate Authority rapidly within their environment for various purposes. By using the steps provided in this book, there will be a Certificate Authority framework created that can be customized for whatever requirements are needed in any environment.

This book is also meant to be used by developers, network administrators and system administrators who can interpret this guide and modify it for their existing environment. Simply following this guide will not implement a functioning PKI for your organization, you will need to modify the steps accordingly to make it function properly. This means creating different servers, modifying steps for different Active Directory domains, modifying LDAP settings, modifying file paths, creating different certificates, and other critical steps as needed.

The contents of this book are presented in a thorough, but easy to follow manner. Screenshots are provided for important steps for verification purposes and to demonstrate how the environment should be configured.

Behind the Scenes

For more information on how I wrote the book and what challenges I encountered while writing it, check out the Practical Guide to PKI with Windows Server – Behind the Scenes page.

For a follow-up on this book, check out the Practical Guide to PKI with Windows Server - One Year Later page.

Updates and Additional Materials

If there are any updates for the book or additional materials, they will be posted to this page.

Command Listing

For customers who purchased the paperback version of this book, you can find all of the commands that are printed in the book by visiting this page.

This site uses cookies. By continuing to use this website you agree to their use. To find out more about how this site uses cookies, including how to control cookies used for this website, please review the Privacy Policy and Cookie Policy.