
Configure Active Directory Certificate Services (ADCS) Web Server SSL-TLS Templates

Building on previous videos covering user and computer certificate templates, this tutorial dives into configuring SSL/TLS Web Server certificate templates in Active Directory Certificate Services (AD CS), including support for multiple Subject Alternative Names (SANs) to secure HTTPS and multi-hostname services.
Applies to:
✅ Windows Server 2025, ✅ Windows Server 2022, ✅ Windows Server 2019, ✅ Windows Server 2016, ✅ Windows Server 2012R2, ✅ Windows Server 2012
Chapters:
0:00 Introduction
0:33 Create an AD Group for Servers
1:57 Create New Web Server Template
3:58 Web Server Enrollment
5:51 Name Resolution Requirements
6:04 Name Resolution: DNS
6:38 Name Resolution: HOSTS File
7:28 Export Certificate
7:43 Export: Computer Certificates MMC
8:46 Export: PowerShell
9:20 Export: Check the Exported PFX File
9:47 Example Usage
10:18 Manage Private Key Permissions
11:26 Thank you for watching!
11:49 Links
Glossary:
ADAC = Active Directory Administrative Center
ADCS = Active Directory Certificate Services
ADDS = Active Directory Domain Services
ADUC = Active Directory Users and Computers
AIA = Authority Information Access
CA = Certificate Authority
CDP = CRL Distribution Point
CN = Common Name
CRL = Certificate Revocation List
CSR = Certificate Signing Request
DN = Distinguished Name
EFS = Encrypting File System
FQDN = Fully Qualified Domain Name
GPO = Group Policy Object
HTTPS = HyperText Transfer Protocol Secure
MMC = Microsoft Management Console
OCSP = Online Certificate Status Protocol
OU = Organizational Unit
PAW = Privileged Access Workstation
PFX = Personal Information Exchange
PKI = Public Key Infrastructure
RSA = Rivest–Shamir–Adleman (a public-key encryption algorithm)
RSAT = Remote Server Administration Tools
SAN = Subject Alternative Name
SHA = Secure Hash Algorithm
SNI = Server Name Indication
SSL = Secure Sockets Layer
TLS = Transport Layer Security
UPN = User Principal Name
GitHub (commands):
https://github.com/DariensTips
Commands:
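# List the certificates in the local computer's Personal store
Get-ChildItem Cert:\LocalMachine\my
# Select the certificate to export by its thumbprint
$daCert=Get-ChildItem Cert:\LocalMachine\my\[thumbprint]
# Password that protects the private key inside the PFX file
$mypwd = ConvertTo-SecureString -String 'yourGoodPwssd' -Force -AsPlainText
Export-PfxCertificate -Cert $daCert -FilePath [path]\[filename].pfx -Password $mypwd

# Check the exported PFX file (-p supplies the PFX password)
certutil.exe -dump [path]\[filename].pfx
certutil.exe -p a -dumppfx [path]\[filename].pfx
Get-PfxCertificate [path]\[filename].pfx | Select-Object *
# Show only the DNS names (SANs) carried by the certificate
Get-PfxCertificate [path]\[filename].pfx | Select-Object -ExpandProperty DnsNameList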
Links:
https://cabforum.org/
https://docs.digicert.com/en/trust-lifecycle-manager/inventory/certificate-attributes-and-extensions/subject-dn-attributes.html
https://knowledge.digicert.com/general-information/what-is-a-distinguished-name
https://learn.microsoft.com/en-us/powershell/module/adcsadministration/get-catemplate
https://learn.microsoft.com/en-us/powershell/module/pki/export-pfxcertificate
https://learn.microsoft.com/en-us/powershell/module/pki/get-certificate
https://learn.microsoft.com/en-us/sql/database-engine/configure-windows/configure-sql-server-encryption?view=sql-server-ver16
https://learn.microsoft.com/en-us/windows/win32/seccrypto/distinguished-name-fields
https://learn.microsoft.com/en-us/windows-hardware/drivers/install/personal-information-exchange---pfx--files
https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/certutil
https://learn.microsoft.com/en-us/windows-server/identity/ad-cs/certificate-template-concepts
https://learn.microsoft.com/en-us/windows-server/identity/ad-cs/manage-certificate-templates
https://www.cloudflare.com/learning/ssl/what-is-ssl/
https://www.digicert.com/faq/public-trust-and-certificates/how-long-are-tls-ssl-certificate-validity-periods
https://www.digicert.com/faq/public-trust-and-certificates/what-is-a-wildcard-certificate
https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.6
Hashtags:
#ADCS #WebServerCertificate #ActiveDirectory #CertificateAuthority

Video: Configure Active Directory Certificate Services (ADCS) Web Server SSL-TLS Templates, from the channel Darien's Tips