Active Directory Certificate Services Notes

Last Updated: September 15, 2019

Installing

Install-AdcsCertificationAuthority -ValidityPeriod 10 -CAType EnterpriseRootCA `
 -CryptoProviderName "RSA#Microsoft Software Key Storage Provider" `
 -KeyLength 4096 -HashAlgorithmName SHA512

Web Enrollment

http://servername/certsrv

Adding san attributes

Needed to not get the unsecure error on chrome.

Configure CA to accept the attributes:

certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2

Attributes:

san:dns=dns.name&dns=dns.name

Replace dns.name with your URL(s).

Installing​

Web Enrollment​

Adding san attributes​

Installing

Web Enrollment

Adding san attributes