Njarejr_TZ
Copper Contributor
Apr 20, 2022
Solved

ADCS Two Tier PKI Hierarchy Deployment

Hello Everyone,

We have a design that a customer would want to deploy for a two tier hierarchy AD CS. The problem is I can't figure out the configuration between the two issuing certificate and the DNS, especially on the CRL, and the load balancer. Has anyone done this or have an article with the steps I could take?

Assistance will be highly appreciated as I am stuck.

Below image is how the arch should be.

  • Alban1999
    Apr 22, 2022
    Hello,

    Here is an excellent wrap-up, from the old MS PKI blog: https://docs.microsoft.com/en-us/archive/blogs/xdot509/installing-a-two-tier-pki-hierarchy-in-windows-server-2012-wrap-up

    Some items listed here are a bit outdated (non-PowerShell scripts, for example) but nothing serious.
    Notice a PKI is one of the most important security components of an infrastructure. If you are new to this, you should seek help from a more experienced Microsoft security expert, as PKI requires a lot of tuning and careful design to make it work in a secured way.

3 Replies

      • Ted_Wagner_SWT
        Copper Contributor
        This link does provide PowerShell commands. https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831348(v=ws.11)
