You utilize a copy of the template rather than the original template so that the configuration of the original template is preserved for possible future use. When you deploy server certificates, you make one copy of the RAS and IAS servers certificate template and then configure the template according to your requirements and the instructions in this guide. Copy of the RAS and IAS servers certificate template CAPolicy.infīefore you install AD CS, you configure the CAPolicy.inf file with specific settings for your deployment.
In the most secure deployments, the Enterprise Root CA is taken offline and physically secured. Active Directory Certificate Services (AD CS) is installed on CA1.įor larger networks or where security concerns provide justification, you can separate the roles of root CA and issuing CA, and deploy subordinate CAs that are issuing CAs. The CA issues certificates to server computers that have the correct security permissions to enroll a certificate. In this scenario, the Enterprise Root certification authority (CA) is also an issuing CA.
If you have not already installed your Active Directory domain, you can do so by using the Core Network Guide for Windows Server 2016.įor more information on each item depicted in the illustration above, see the following: This guide provides instructions for deploying and configuring CA1 and WEB1, and for configuring DC1, which this guide assumes you have already installed on your network. In the illustration above, multiple servers are depicted: DC1, CA1, WEB1, and many SDN servers.
0 kommentar(er)
