Overview
This document outlines the steps to take on the Windows Server before the integration with ADCS can be configured.
This integration guide was tested on:
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019
Active Directory presence
Depending on your environment, install the Active Directory Server Role according to the instructions from Microsoft and promote the domain. Skip this step if you already have an on-site Active Directory structure. Make sure that the machine you are connecting is a member of the AD domain.
As an example, you can use the following guide: Install a New Windows Server 2012 Active Directory Forest (Level 200) | Microsoft Docs
Active Directory Certificate Services presence
Depending on your environment, install the Active Directory Certificate Services Server Role according to the instructions from Microsoft. Skip this step if you already have a Microsoft Certification Authority running.
As an example, you can use the following guide: Install Active Directory Certificate Services | Microsoft Docs
PowerShell remoting
PowerShell remoting is used to facilitate client-less integration with ADCS. PowerShell remoting is enabled by default on Windows Server platforms. You can use Enable-PSRemoting to enable PowerShell remoting on other supported versions of Windows and to re-enable remoting if it becomes disabled.
You have to run this command only once on each computer that will receive commands.
PowerShell remoting can be facilitated using the following protocols:
Protocol | Description |
---|---|
WinRM | Windows Remote Management (WinRM) is the Microsoft implementation of the WS-Management protocol, which is a standard Simple Object Access Protocol (SOAP)-based, firewall-friendly protocol that allows interoperation between hardware and operating systems from different vendors. |
SSH | SSH remoting lets you do basic PowerShell session remoting between Windows and Linux computers. SSH remoting creates a PowerShell host process on the target computer as an SSH subsystem. SSH-based remoting doesn't currently support remote endpoint configuration and Just Enough Administration (JEA). |
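
A read-only preflight check for the three prerequisites above (domain membership, ADCS role, PowerShell remoting over WinRM), given as an added example that is not part of the CZERTAINLY documentation. It assumes an elevated PowerShell session on the ADCS server itself; the function name Test-AdcsIntegrationPrereq is hypothetical, and SSH remoting is not checked.

```powershell
# Added example: read-only preflight check; run in an elevated session on the ADCS server.
# Test-AdcsIntegrationPrereq is a hypothetical name, not part of CZERTAINLY or PSPKI.
function Test-AdcsIntegrationPrereq {
    [CmdletBinding()]
    param()

    $result = [ordered]@{}

    # Active Directory presence: the machine must be a member of the AD domain.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    $result.DomainJoined = [bool]$cs.PartOfDomain
    $result.Domain       = $cs.Domain

    # ADCS presence: Certification Authority role service installed and CertSvc running.
    $feature = Get-WindowsFeature -Name ADCS-Cert-Authority -ErrorAction SilentlyContinue
    $result.AdcsRoleInstalled = [bool]($feature -and $feature.Installed)
    $certSvc = Get-Service -Name CertSvc -ErrorAction SilentlyContinue
    $result.CertSvcRunning = [bool]($certSvc -and $certSvc.Status -eq 'Running')

    # PowerShell remoting over WinRM: service state and configured listeners.
    $winrm = Get-Service -Name WinRM -ErrorAction SilentlyContinue
    $result.WinRmRunning   = [bool]($winrm -and $winrm.Status -eq 'Running')
    $result.WinRmListeners = @()
    if ($result.WinRmRunning) {
        # Each listener item exposes its keys, e.g. "Transport=HTTP,Address=*".
        $result.WinRmListeners = @(
            Get-ChildItem -Path WSMan:\localhost\Listener -ErrorAction SilentlyContinue |
                ForEach-Object { $_.Keys -join ',' }
        )
    }

    # Does the local WS-Management endpoint actually answer?
    try {
        Test-WSMan -ErrorAction Stop | Out-Null
        $result.WsManResponds = $true
    } catch {
        $result.WsManResponds = $false
    }

    [pscustomobject]$result
}

$check = Test-AdcsIntegrationPrereq
$check | Format-List
if (-not $check.WsManResponds) {
    Write-Warning 'WinRM does not respond; Enable-PSRemoting re-enables remoting on this server.'
}
```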
Integration
Complete the following steps to integrate ADCS with CZERTAINLY:
# | Reference | Short description |
---|---|---|
1 | Install PSPKI Module | Prepare PowerShell PKI Module |
2 | WinRM Configuration | Configure Windows Remote Management protocol |
3 | SSH Configuration | Configure Secure Shell protocol |
4 | Firewall Configuration | Configure inbound connections and delegation |
5 | Create User | Create user to access ADCS |
6 | Testing Integration | Test integration and access to ADCS |
Troubleshooting
For common issues and troubleshooting, refer to Troubleshooting.