Implementing Active Directory Certificate Services in Windows Server 2016

Active Directory Certificate Services allow you to use certificates and the public key infrastructure to safeguard your business. This course will teach you how to implement an AD CS infrastructure and implement smart cards.
Course info
Rating
(37)
Level
Intermediate
Updated
Mar 9, 2017
Duration
5h 10m
Table of contents
Course Overview
Understanding the AD CS Infrastructure
Building the Lab Environment
Deploying the Root CA
Deploying Subordinate Enterprise CA
Administering Certificate Server
Securing Your CA
Maintaining CA
Deploying Certificates
Using Certificates
Using Smartcards in Windows 2016
Description
Course info
Rating
(37)
Level
Intermediate
Updated
Mar 9, 2017
Duration
5h 10m
Description

Security is more important than ever to a business. Assuring that your data is safe, your communications are protected, and your workers can be safely identified can prevent a catastrophic breach of security that could adversely affect an enterprise. In this course, Implementing Active Directory Certificate Services in Windows Server 2016, you'll learn how to properly use this technology and have the peace of mind knowing you are providing the protection of your infrastructure deserves. First, you'll explore how to set up and administer a certification authority. Next, you'll discover how to use certificates for your business and security needs. Finally, you'll learn how to implement smart cards. By the end of this course, you'll know how to secure your network, your data, your connections, and your users by using certificates in your environment.

About the author
About the author

Gary has been working in Information Technology for over 15 years. He has worked with Exchange Server since version 5.5 and has experience in both training and hands on implementations. His energetic delivery and passion for technology makes him a popular trainer. He has developed many online courses and delivers training all over the world.

More from the author
Implementing Microsoft Azure Backup
Intermediate
1h 55m
13 Sep 2018
Using Microsoft Azure Resource Groups
Beginner
1h 26m
27 Aug 2018
More courses by Gary Grudzinskas
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Hi everyone! My name is Gary Grudzinskas, and welcome to my course, Implementing Active Directory Certificate Services in Windows Server 2016. I am a Windows Server consultant and an author here at Pluralsight. Security is more important now than ever, and this course will teach you how to make your enterprise more secure. You can do this with the public key infrastructure and Certificate Services. You will get a thorough look at how to properly use this technology and have the peace of mind knowing you're providing the protection your infrastructure deserves. Some of the major topics are how you set up and administer a certification authority, how you can use certificates for your business and security needs, and how you can implement smart cards. By the end of this course, you will know how to secure your network, your data, your connections, and your users by using certificates in your environment. Before taking this course, all you really need is some familiarity with Windows Server and the Active Directory. So please join me in this lively course, Implementing Active Directory Certificate Services in Windows Server 2016 so you can have the satisfaction of knowing your environment is secure.

Understanding the AD CS Infrastructure
Hello and welcome to my course. My name is Gary Grudzinskas. I'm a systems engineer and author, and I've been working with Certificate Services and certificate authorities for a very, very long time. And I'm happy that you're here. This is Implementing Active Directory Certificate Services in Windows Server 2016. The first module, Understanding the AD CS Infrastructure. Let me give you a little overview. The first thing that you're going to learn is the public key infrastructure. If you understand PKI, how it works, what it does, you are going to understand the rest of this course. It's going to be much easier for you. And then we're going to take a look at the benefits because not only understanding how PKI works but understanding what it's used for and how you can benefit from understanding this technology to secure your network through PKI. And then we take a look at the most important component of AD CS, and that, of course, is the certificate authority. And I want to show you how to design your certificate authority so it makes sense for your network. And then, finally, you'll get a good overview of the Active Directory Certificate Services as a whole. So, again, welcome to this module. Let's find out about the public key infrastructure.

Building the Lab Environment
Welcome to this module, Building The Lab Environment. You don't need anything to proceed here because what it does is it downloads all the trial versions that you need. So by the end of this module, you'll be all ready with your lab to do everything that you see me do in this module for the Certificate Services in Active Directory for Windows Server 2016. Here is an overview. We're going to start with just the lab basics--what servers we have installed and what is installed on them. We'll download the files and then set up the host, install CA1. And this CA1 is going to be our offline root CA. And then we'll install the rest of the lab servers. And then, finally, set up Client 1 (Cli1), and this Cli1 will be used for server management. So let's get into the lab basics.

Deploying the Root CA
Welcome to this module, Deploying the Root CA. As usual, I'm Gray Grudzinskas. Here's a good overview of what we're going to do in this module. We're going to begin by understanding some of the considerations for the root CA. And then we're going to prepare it by creating the CAPolicy. inf file. And then we're ready to be deploying the root CA. Then a little bit of housecleaning, which involves changing the AIA and CDL locations essentially where the root CA is made available and where the certificate revocation list resides.

Deploying Subordinate Enterprise CA
Welcome to this module, Deploying Subordinate Enterprise CA. Here's an overview of what we're going to be doing. You'll have the information for understanding subordinate CA considerations. Then you'll be setting up a DNS and root certificates, as well as setting up a GPO to trust the root CA. And, also, installing IIS and the remote management needed for a core installation. And then deploying an enterprise subordinate CA. And then, finally, you will be connecting this subordinate CA to the root CA. So let's get started.

Administering Certificate Server
Welcome to this module, Administering Certificate Server. Here is an overview. Basically what I want you to know are the tools that you use for administration. We're going to start with the tool certutil, which is a command line utility that is by far the most robust utility that you have for administering certificate server. We also have the PowerShell modules and cmdlets available to you, and we'll cover them, as well as Certification Authority snap-in for the MMC console. And the last tool that we look at is Group Policy Management for some GPO settings that will help you. So let's start off with certutil.

Securing Your CA
Welcome to this module, Security Your CA. As usual, I'm Gary Grudzinskas. Here is an overview. We're going to start with what to do as far as hardening of your CA servers. We'll include online CA servers, offline CA servers, and if you have virtual machines on a host, what to do about them. We'll also take a look at security groups and role-based administration. You will know what security groups do, what permissions you can have for them, and how to set up role-based administration. Finally, you will know about exit modules and policy modules and how to set up your SMTP server to send you an email should any exit event happen inside of your CA. So let's start with some recommendations as far as hardening of your CA servers.

Maintaining CA
Welcome to this module, Maintaining a CA. I'm Gary Grudzinskas, and here is an overview. You're going to learn how to use PKIView to monitor your CA. You're going to learn how to renew a CA certificate. And, very importantly, you're going to learn how to back up your CA, and that includes the key and the database, as well as restore that CA with the same key and database. Finally, you'll learn how to enable auditing of CA events. So let's learn about PKIView.

Deploying Certificates
Welcome to yet another module, Deploying Certificates. What I'm going to try to do here is show you how to set up your certificates, enroll them, choose the correct enrollment that you need for your network, and also along the way discover what certificates really are and how to use certificate templates. So here's a good overview. You're going to know what a certificate is. I know you've been using them, but it's probably a good idea to just sit down a few minutes and discover exactly what they are, what's on them, and how they're used. And then we have our friend here, certificate templates. This is going to make your life easier to know what templates to use and also what to put on what templates to reduce your workload of working with AD CS. Then you'll learn all about certificate enrollment, and there're a few things we'll discuss in detail. And those are autoenrollment, web enrollment, and enrollment agents. And then you'll know how to set up credential roaming. So let's begin with, What is a certificate?

Using Certificates
And a nice welcome to this module, Using Certificates. We've come a long way now, so we're going to get pretty specific about how you maintain and use these different certificates. Here is an overview. The first thing we're going to learn is how to renew and export a certificate. And then something very important if you have some really sensitive certificate that if you lose that private key, you might be in trouble. Well pay attention to this one--the key archival and recovery. I'm going to show you exactly how to do that and set that up so you don't get stuck. After this, I'm going to show you how to use certificates specifically and how they work. We'll cover Secure Sockets Layer or better known as SSL, digital signatures, content encryption, authentication and email encryption. And then, lastly, you're going to learn how to (this is fun) revoke a certificate. So let's start off with how to renew and export a certificate.

Using Smartcards in Windows 2016
I'd like to welcome you to this module, Using Smartcards in Windows 2016. Here is an overview of what we're going to do. You'll start by defining a smart card and also understanding virtual smart cards. We're going to be preparing the smart card certificate template for deployment, enrolling a user into a smart card certificate, and then after that signing in with a smart card. After this module, you should be all set up to know exactly what you need to do to implement smart cards in your environment. Let's start off with what a smart card actually is.