Professional Documents
Culture Documents
Deploying CAs
Administering CAs
• Troubleshooting and maintaining CAs
Lesson 1: Deploying CAs
What is AD CS?
Options for implementing CA hierarchies
Standalone vs. enterprise CAs
Considerations for deploying a root CA
Demonstration: Deploying an enterprise root CA
Considerations for deploying a subordinate CA
• How to use the CAPolicy.inf file for installing a CA
What is AD CS?
Policy CAs
Issuing CAs
Root CA Root CA
Policy CA Policy CA
Issuing CA
Root
Root
Subordinate
Subordinate
Root Root
Subordinate Subordinate
Managing CAs
Configuring CA security
Security roles for CA administration
Configuring CA policy and exit modules
Configuring CDPs and AIA locations
• Demonstration: Configuring CA properties
Managing CAs
• Role-based administration:
• Grant predefined CA permissions to a security group
• Must be manually configured; roles are not
automatically created
• Typical roles for AD CS might be:
• CA Administrator
• Certificate Manager
• Backup Operator
• Auditor
• Enrollee
Troubleshooting CAs
Renewing a CA certificate
Moving a root CA to another computer
• Monitoring CA operations
Troubleshooting CAs
• Common AD CS issues:
• Client autoenrollment issues
• Unavailable enterprise CA option
• Error accessing CA webpages
• Enrollment agent restriction
Renewing a CA certificate
Review Questions
Tools
Best Practice
• Common Issues and Troubleshooting Tips