ADCS Resources
Misc Links
- https://vimeo.com/nicconf/review/35053082/aaff51b192
- https://social.technet.microsoft.com/wiki/contents/articles/7734.certificate-enrollment-web-services-in-active-directory-certificate-services.aspx
- https://social.technet.microsoft.com/wiki/contents/articles/9063.active-directory-certificate-services-ad-cs-network-device-enrollment-service-ndes.aspx
- https://blogs.technet.microsoft.com/pki/2006/11/30/basic-crl-checking-with-certutil/
- https://blogs.technet.microsoft.com/askds/2009/09/01/designing-and-implementing-a-pki-part-i-design-and-planning/
- https://blogs.technet.microsoft.com/askds/2009/10/13/designing-and-implementing-a-pki-part-ii-implementation-phases-and-certificate-authority-installation/
- https://blogs.technet.microsoft.com/askds/2010/05/27/designing-and-implementing-a-pki-part-iii-certificate-templates/
- https://blogs.technet.microsoft.com/askds/2011/04/06/designing-and-implementing-a-pki-part-iv-configuring-ssl-for-web-enrollment-and-enabling-key-archival/
- https://blogs.technet.microsoft.com/askds/2011/04/07/designing-and-implementing-a-pki-part-v-disaster-recovery/
- https://blogs.technet.microsoft.com/askds/2009/06/24/implementing-an-ocsp-responder-part-i-introducing-ocsp/
- https://blogs.technet.microsoft.com/askds/2009/06/25/implementing-an-ocsp-responder-part-ii-preparing-certificate-authorities/
- https://blogs.technet.microsoft.com/askds/2009/06/29/implementing-an-ocsp-responder-part-iii-configuring-ocsp-for-use-with-enterprise-cas/
- https://blogs.technet.microsoft.com/askds/2009/06/30/implementing-an-ocsp-responder-part-iv-configuring-ocsp-for-use-with-standalone-cas/
- https://blogs.technet.microsoft.com/askds/2009/08/20/implementing-an-ocsp-responder-part-v-high-availability/
- https://blogs.technet.microsoft.com/askds/2009/08/21/implementing-an-ocsp-responder-part-vi-configuring-custom-ocsp-uris-via-group-policy/
- https://social.technet.microsoft.com/Profile/chdelay/activity
- https://blogs.technet.microsoft.com/xdot509/2013/03/22/installing-a-two-tier-pki-hierarchy-in-windows-server-2012-wrap-up/
- https://blogs.technet.microsoft.com/pki/2009/08/07/understanding-key-archival/
Never add a CPS to a root server
If you have an intermediate server you should not add a CPS to your root server. Only the intermediate should have the CPS.
Don’t add a CDP LDAP location on an offline Root if the CDP HTTP location is HA
Use a random OID or apply for a proper PEN
RFC3647 - Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework
ADCS Delegation
How to Decommission an old CA
NDES servers can’t be HA
Using a gMSA for your NDES Service
Setting up an NDES Server
- https://www.slsmk.com/installing-scep-using-microsoft-ndes/
- https://blogs.technet.microsoft.com/tune_in_to_windows_intune/2014/04/25/part-2-scep-certificate-enrolling-using-configmgr-2012-crp-ndes-and-windows-intune/
- https://blogs.technet.microsoft.com/askds/2011/07/12/ill-take-ndes-in-the-dmz-for-1000-alex/
- https://blogs.technet.microsoft.com/askds/2010/11/22/ipad-iphone-certificate-issuance/
Enable SANs via ADCS Web Enrollment Pages
- https://ammarhasayen.com/2010/12/17/how-to-request-a-san-certificate-using-ms-ca-web-enrollment-pages/
- https://docs.microsoft.com/en-us/windows/desktop/SecCrypto/customizing-the-certificate-services-web-enrollment-pages
Getting Kerberos Working with CA Web Enrollment Proxy
- https://blogs.technet.microsoft.com/askds/2009/04/22/how-to-configure-the-windows-server-2008-ca-web-enrollment-proxy/
- https://sharepointlink.blogspot.com/2010/07/iis-7-kernel-mode-authentication.html
Web Enrollment Won’t Show Templates
- https://support.microsoft.com/en-us/help/2015796/version-3-cng-templates-will-not-appear-in-windows-server-2008-or-wind
- https://social.technet.microsoft.com/wiki/contents/articles/9063.active-directory-certificate-services-ad-cs-network-device-enrollment-service-ndes.aspx#Permissions_Required_for_the_Network_Device_Enrollment_Service
- https://blogs.technet.microsoft.com/mspfe/2012/12/27/how-to-avoid-having-users-enroll-for-multiple-certificates/