How to Migrate PKI 2-Tier SHA1 to SHA256 in Windows Server 2012 R2

In this post, I will be covering how to Migrate 2-Tier Windows PKI SHA-1 Algorithm Infrastructure to SHA-256(Simply called as SHA-2) Algorithm. Why do we need this migration: Server Authentication certificates: CA must begin issuing new certificates using only the SHA-2 algorithm after January 1, 2016. Windows will no longer trust certificates signed with SHA-1 […]

How to install Subordinate CA in Windows Server 2012 R2

In the post,Will show you how to install Subordinate CA where you have already have Enterprise ROOT-CA available in the domain. Ideally, When you install Subirdiante CA Under ROOT-CA is called 2-Tier PKI Infrastructure. Many Organizations they use 2-Tier Method to avoid abnormal down due to the Servers, Threats and Vulnerability. ROOT-CA or Offline-CA will […]

How to Install Certificate Services with SHA-256 in Server 2012 R2

In this article, How to Install Certificate Services with SHA-256 a.k.a SHA-2 in Server 2012 R2. Please refer Microsoft Article for more about SHA-256. Open Server Manager–> click on Add Roles and features Click on Next Select Role-based or feature-based installation and click on Next Click on Next Select on Active Directory Certificate Services Click on Next Click […]

CA is issuing Certificates only for three years

Below is the issue faced by one my client last week that they are not able to provide the certificates with more than 5 years validity even though certificate template is issued with 5 Years. Above Template shows that certificate Validity period 5 Years but when it is issues the certificate provides the certificate validity only […]

How to Install Certitifcate Services in Server 2012

How to Install Certificate Services in Server 2012

In this article, I will explain how to install Certificate Services(CA) in Server 2012 Open Server Manager, Click on Add Roles and Features, Click on Next Select Roles-based or features-based installation and click Next Select Server on which you want to install Certificate Services and Click Next, Select Active Directory Certificate Services and click Next, […]