This is an example deployment of AD DS / AD FS and AD CS for Enterprise PKI to integrate with AD.
Install AD DS and AD FS
Follow the instruction , next , next, until complete the installation.
Configure AD DS and AD FS
After installation completed, before you install AD CS, complete the configuration of AD DS and AD FS. Start with AD DS.
Add a new forest : 51sectest.dev
Keep your netbios domain name and path as default, next
Reboot machine then you can continue configuring AD FS. (It is optional)
To configure AD FS, you will need a pfx/pkcs12 format SSLcertificate.
Install AD CS
Configure AD CS
Choose following four roles one by one to configure.
Choose Enterprise CA
Choose Root CA
Create a private key
Choose cryptographic provider: Microsoft software cryptographic program. , SHA256, Key length, 4096
Other option will be default.
Create a new user : NDES
Add it into IIS_IUSRS and Domain Admins Groups
For following two roles, you will need to use this NDES account to configure them:
Generate Certificate Request & Submit to MS CA to Sign, Install and Replace existing Web Cert
References
- Generate a Windows Certificate Request and Submit MS CA to Sign
- 06 Servidor de certificados del dominio [Cyberark en espanol]
- 07 Certificado para NLB [Cyberark en espanol]