In this post, I will show you how to install a Subordinate CA when an Enterprise ROOT-CA is already available in the domain. Installing a Subordinate CA under a ROOT-CA is called a 2-tier PKI infrastructure. Many organizations use the 2-tier method to avoid unplanned downtime caused by server problems, threats and vulnerabilities.

The ROOT-CA, or offline CA, is kept off the production network in an isolated network to avoid misuse of the Certificate Services.

The Subordinate CA, or issuing CA, is used to issue certificates to computers, users and websites.

Here I cover how to install the Subordinate CA. Please refer to the article to learn how to install the ROOT-CA.

Install the Certificate Services role from Server Manager and click on Configure Active Directory Certificate Services on the destination server.

Select the enterprise account of the domain that is allowed to install Certificate Services and click on Next.

Select Certification Authority and click on Next.

Select Enterprise CA and click on Next.

Select Subordinate CA and Click on Next

Select Create a new private key and Click on Next

Select the cryptographic options and click on Next.

Give the CA a name and click on Next.

Most CA administrators keep the ROOT-CA server offline or in an isolated network, so generate the request file and save it on the local system.

Select the Database Location and Log Location paths and Click on Next

Click on Configure

The CA role is now installed but not yet operational. We need to take the request file to the ROOT-CA server and get the certificate. Click on Close.

Copy the request file from the saved path to the ROOT-CA server manually.

Log in to the ROOT-CA server --> right-click ROOT-CA --> All Tasks --> Submit new request

Select the Request file and click on Open

Once the request is submitted, you will be prompted to save the certificate. Save it in the shared path so it can be taken to the Subordinate CA server.

Now, click on Certification Authority on the Subordinate CA server.

Click on Install CA Certificate

Select the Certificate from the Shared path and click on Open

Click on Start Service

Click on Properties once the service has started successfully.

You can see that the certificate is installed and the Subordinate CA is ready to issue certificates.
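
The same procedure can be scripted instead of clicking through the wizard. The following is an added example, not part of the original walkthrough; the CA name, file paths, root CA config string, key length and hash algorithm are placeholder assumptions to adjust for your environment.

```powershell
# Added example: every name, path and crypto setting below is an assumed placeholder.
$CaName   = 'EXAMPLE-SUBCA'            # hypothetical CA common name
$WorkDir  = 'C:\CAConfig'              # hypothetical folder for the request/cert files
$ReqFile  = Join-Path $WorkDir 'subca.req'
$CertFile = Join-Path $WorkDir 'subca.cer'
$RootCfg  = 'ROOTSRV\ROOT-CA'          # hypothetical "hostname\CA name" of the root CA

# --- On the Subordinate CA server, as an account allowed to install Certificate Services ---
New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
Install-WindowsFeature ADCS-Cert-Authority -IncludeManagementTools

$caParams = @{
    CAType                = 'EnterpriseSubordinateCA'   # Enterprise CA + Subordinate CA
    CACommonName          = $CaName
    CryptoProviderName    = 'RSA#Microsoft Software Key Storage Provider'
    KeyLength             = 4096                        # assumed value; a new private key is created
    HashAlgorithmName     = 'SHA256'                    # assumed value
    OutputCertRequestFile = $ReqFile                    # save the request instead of sending it online
    DatabaseDirectory     = 'C:\Windows\System32\CertLog'
    LogDirectory          = 'C:\Windows\System32\CertLog'
    Force                 = $true
}
# Ends with a warning that setup is incomplete until the CA certificate is installed.
Install-AdcsCertificationAuthority @caParams

# Inspect the request (subject, key size, extensions) before carrying it to the root.
certutil -dump $ReqFile

# --- On the ROOT-CA server, after copying the request file over manually ---
certreq -submit -config $RootCfg $ReqFile $CertFile
# If the request is left pending, a CA manager issues it and the certificate is then retrieved:
#   certutil -resubmit <RequestId>
#   certreq -retrieve -config $RootCfg <RequestId> $CertFile

# --- Back on the Subordinate CA server, after copying the issued certificate over ---
certutil -installcert $CertFile
Start-Service certsvc
Get-Service certsvc        # Status should read Running
```

The request and issued certificate files are not secret, but the transfer path is worth controlling so the root only signs the request you generated; comparing the `certutil -dump` output on both servers before submitting is a simple check.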
