AD CS and PKI Step-by-Steps, Labs, Walkthroughs, HowTo, and Examples
This article is an evolving collection of Active Directory Certificate Services (AD CS) and Public Key Infrastructure (PKI) step-by-step information. The links in this article should take you to places where you can perform or see the actual steps for deploying or administering a PKI using AD CS.
Windows Server 2012
- Test Lab Guide: Deploying an AD CS Two-Tier PKI Hierarchy
- Test Lab Guide: Demonstrating Certificate Key-Based Renewal
- Test Lab Guide Mini-Module: Cross-Forest Certificate Enrollment using Certificate Enrollment Web Services
Windows Server 2008 and Release 2
- Step by Step Guide - Single Tier PKI Hierarchy Deployment - This in-depth lab deployment of AD CS demonstrates a deploying a single-tier PKI hierarchy. You will also learn how to configure the certificate revocation list (CRL) distribution point (CDP) and the authority information access (AIA) location.
- Step by Step Guide - Two Tier PKI Hierarchy Deployment - This in-depth lab deployment of AD CS demonstrates how to configure a two-tier PKI hierarchy. You will also learn to configure the CDP/AIA location, as well as configure an Online Responder (OSCP).
- Active Directory Certificate Services Step-by-Step - This is the most popular content of the AD CS TechNet Library, but currently only illustrates a single-tier PKI hierarchy.
- Designing and Implementing a PKI: Part II Implementation Phases and Certificate Authority Installation - part 2 of a 5 part series that discusses how to implement a two-tier PKI infrastructure from the Microsoft Ask the Directory Services team blog.
- Windows 2008 PKI / Certificate Authority (AD CS) basics - This is content (not on the Microsoft site) illustrates using a two-tier PKI hierarchy
Windows Server 2003 and Release 2
Additional PKI Resources
- Community directory for documentation and information: Windows PKI Documentation Reference and Library
- Frequently asked questions (FAQs) list Active Directory Certificate Services (AD CS) Frequently Asked Questions (FAQ)
- Support forum: Windows Server Security Forum
- Product team blog: Windows PKI Blog
- Support Team Blog: Ask the Directory Services team
- Script repository: TechNet Script Center Repository
- Technology overview: Active Directory Certificate Services (AD CS) Overview