Installing Enterprise CA for AD FS

This video will look at how to install an Enterprise Root CA to be with Active Directory Federation Services. This will get you up and going with the basic certificate requirements for AD FS. If you already have an Enterprise root CA on your network, you can use this video to create a template on that Root CA for use with AD FS.

Download the PDF handout http://ITFreeTraining.com/handouts/fe...

In this video
This will perform a basic install of an Enterprise CA. Once the Enterprise CA is configured a template will be created on the Enterprise CA. This template can then be used to issue a certificate to an Active Directory Federation Server in a process called auto enrollment. Auto enrollment is effectively the server contacting the Enterprise CA to obtain a certificate. Once auto enrollment has been configured, the administrator does not need to worry about issuing certificates or ensuring that the certificate is renewed when it expires. If you already have an Enterprise CA on your network, you can follow the steps in this video (as outlined below) to create a Certificate Template on your existing CA.

Demonstration role install
Essentially the role "Active Directory Certificate Services" needs to be installed making sure the component "Certification Authority" is selected.
1) To add the Enterprise CA role, run server manager and then select the option "Add roles and features".
2) In this case the install is a local install so all the defaults can be accepted up to the role selection screen.
3) On the role selection screen, the role "Active Directory Certificate Services" needs to be selected. If you are given an additional screen to add more features, these features also need to be added in order to install the role.
4) For the rest of the wizard the only option that needs to selected is "Certification Authority" for the certificates component screen, which should be selected be default. It is just a matter of completing the wizard and pressing install when prompted.

Demonstration configuration of the role
1) To configure the role, select the exclamation mark at the top of server manager and then select the option "Configure Active Directory Certificate Services on the destination server" to start the configuration wizard.
2) On the welcome screen of wizard make sure that there are credentials entered in that have enough permissions to perform the configuration.
3) The next screen allows the administrator to decide which components that they want to configure. In this case the only component that was installed was "Certification Authority". If you had installed other components, you can tick them here and have them configured at the same time.
4) On the next screen, there is a choice between an Enterprise CA and Standalone CA. In this case the Enterprise CA is selected because auto enrollment is required, which a Standalone CA does not support. A Standalone CA does offer some security advantages.
5) The next screen will ask if you want to install a Root CA or a subordinate CA. In this case to make the install simple a Root CA was chosen. This means that this CA can issues certificates without having to work with other CA's. A Root Enterprise CA is easy to install and support, however since it needs to be installed on a server that is a domain member there are security concerns. It is recommended that the administrator perform their own research to work out what CA will work best for their needs.
6) For the private key a new key needs to be generated unless you have an existing key from a previous CA.
7) For the rest of the options in the wizard the defaults were accepted. If you are installing the CA in a production environment, you should take time to understand each of these options and choose the best option for your network.

Description to long for YouTube. Please see the following link for the rest of the description.
http://itfreetraining.com/federation#...

See http://YouTube.com/ITFreeTraining or http://itfreetraining.com for our always free training videos. This is only one video from the many free courses available on YouTube.

References
None

1. ad fsmo roles, ad fs management, ad fsmo, ad fs 2.0, ad fs management console, ad fs server, ad fs requirements, ad fs deployment guide, ad fs proxy, ad fs 2016, ad fs auditing, ad fs 3.0, ad fs certificate, ad fs event id 364, ad fs 2019, ad fs relying party trust, adfs logs, ad fs wap, ad fs azure, ad fs configuration, certificates of deposit, certificates online, certificates of deposit rates, certificates of appreciation, certificates of deposit definition, certificates of completion, certificates of participation, certificates templates, certificates for kids, certificates of insurance, certificates uw madison, certificates definition, certificates of occupancy, certificates for students, certificates to print, certificates templates free, certificateservicesclient-autoenrollment, certificates of authenticity, certificates vs degrees, certificates now, itfreetraining youtube, itfreetraining active directory, itfreetraining adfs, itfreetraining dns, itfreetraining 70-410, itfreetraining windows server 2016, itfreetraining windows server 2012, itfreetraining vmware, itfreetraining 70-640, itfreetraining powershell, itfreetraining windows 7, itfreetraining windows 10, itfreetraining hyper v, itfreetraining group policy, itfreetraining groups, itfreetraining dfs, itfreetraining sccm, itfreetraining certificate, itfreetraining linux, itfreetraining 70-411

Installing Enterprise CA for AD FS
39,076 views views	followers
191 Likes	191 Dislikes
Education	Upload TimePublished on 3 Jul 2014