deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-13 17:43:21 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/security/identity-protection/hello-for-business/includes/lab-based-pki-deploy.md
Paolo Matarazzo 093461e07c updates
2023-01-03 10:51:21 -05:00

1.6 KiB
Raw Blame History

ms.date, ms.topic
ms.date ms.topic
01/03/2023 include

Deploy an enterprise certification authority

This guide assumes most enterprises have an existing public key infrastructure. Windows Hello for Business depends on an enterprise PKI running the Windows Server Active Directory Certificate Services role.
If you don't have an existing PKI, review Certification Authority Guidance to properly design your infrastructure. Then, consult the Test Lab Guide: Deploying an AD CS Two-Tier PKI Hierarchy for instructions on how to configure your PKI using the information from your design session.

Lab-based PKI

The following instructions may be used to deploy simple public key infrastructure that is suitable for a lab environment.

Sign in using Enterprise Administrator equivalent credentials on a Windows Server where you want the certification authority (CA) installed.

Note

Never install a certification authority on a domain controller in a production environment.

  1. Open an elevated Windows PowerShell prompt
  2. Use the following command to install the Active Directory Certificate Services role. 
    Add-WindowsFeature Adcs-Cert-Authority -IncludeManagementTools
  3. Use the following command to configure the CA using a basic certification authority configuration 
    Install-AdcsCertificationAuthority