Blog Post
Step by Step: 2-Tier PKI Lab
Good read, Rahul — brought back memories from my support days!
🛑 Disclaimer (with a chuckle):
Before you dive into setting up that Offline CA, take a deep breath and double-check your setup. I’ve seen things… wild things. Like CAs running on Hyper-V VMs hidden on someone’s laptop — and then poof — formatted and forgotten like last year’s New Year’s resolutions. 😅
So please, for the love of certificates and operational sanity:
- Document it.
- Catalog it.
- Treat it like the crown jewels of your PKI.
Because nothing says “oops” quite like realizing your root of trust was last seen on a dev’s coffee-stained ThinkPad.
- rahuljangda, May 22, 2025
Microsoft
Couldn't agree more!
Goes back to having solid key ceremonies, security procedures, and processes in place. As you said - document every step (version-control it), catalog it, run formal Key Ceremonies with checklists and multiple approvers, audit/test often to prove the root CA is truly offline.