Installing Certificate Authority
This is a guide on how to install a Certificate Authority (CA) on Windows Server 2022.
A Certificate Authority adds security when specific end users access domain services, by authenticating them with the user's public key.
This system helps both parties verify each other for end-to-end encryption. Certificates can be configured to expire on a specific date, after which a system administrator needs to reconfigure another CA for authentication, if applicable, as an additional security measure. When configuring services, devices, servers or anything else within your network, you can establish specific Group Policies that govern access to specific data and the ability to exfiltrate/download datasets within the organization/network, and that block all access within the organization to a web user interface for server management, a NAS, or anything else that requires a public key within the organization/network.
This can also remove the delay caused by the warning shown before proceeding to a web user interface within your environment, and provide end-to-end encryption for network devices such as switches, routers, firewalls, SIEMs or any other services that require a certificate for HTTPS (port 443). It can also add authentication beyond the user's username and password by requiring both the public key (the certificate in this case) and the user's username and password, or it can be configured to require only the public key to access specific data sets/services.
So let's begin the initial installation of Windows Server 2022 for the Certificate Authority, using XCP-ng as our virtualization software and Xen Orchestra as our virtual machine manager.
In this demonstration we will do the following:
- Installing Windows Server 2022
- Creating a new user and disabling the built-in Administrator
- Configuring the server for the Certificate Authority role
Installing Windows Server 2022 Desktop Experience
Navigate to and sign in to https://192.168.220.30
Select New > VM
Select the drop down and select the aaa_004 pool
Input the following
1. Pool – aaa_0004
- Used for physical identification of the server I used for asset management
2. Template – Windows Server 2022 (64-bit)
3. Name – Windows Server 2022
4. Description – Active Directory Domain Services
5. vCPUs – 2
6. RAM – 2 GiB
7. Topology – 1 socket with 2 cores per socket
8. ISO/DVD – windows_server_2022.iso
9. Network – Pool-wide network associate (eth0)
10. SR – Local Storage 1.78 TiB
11. Name – Windows Server 2022 (64-Bit) ADDS
12. Description – ADDS
13. Size – 32 GiB
Upon powering on, select Next when prompted and continue through the installation
When prompted, select Windows Server 2022 Standard Evaluation (Desktop Experience) and select Next
Accept the License terms and select Next
Select Custom: Install Microsoft Server Operating System only (advanced)
Select the Disk Drive you wish to install Windows Server 2022 on
Input and confirm the password for the Administrator user and sign into the account
Creating a new user and disabling the built in Administrator
At the bottom left corner, select the Windows Start Menu, then search for and open Computer Management
Select the drop down menu for Local Users and Groups
Select the Users directory
Right click in the open space on the list of users and select New User...
Create a new user account with a User name, your Full name, a Description of the account's purpose and a strong password, then create the new user account
Right click the new user and select Properties
Within the Properties window for the new user, select the Member Of tab, and select Add...
Within the Enter the object names to select box, enter the group name Administrators, select Check Names and select OK, then apply the changes to the new user account
Sign out of the Administrator account and sign into the new user account
Select the Windows Start Menu, then search for and open the Computer Management application
Expand Local Users and Groups, select the Users directory, right click the Administrator user and select Properties
Select the Account is disabled checkbox and apply the changes
The Administrator user is now disabled
Installing the Active Directory Certificate Authority Role
Open the Server Manager application
Select the Manage option at the top right corner and select Add Roles and Features
Select Next to continue adding Roles and Features
Select the Server pool and continue
Select the Active Directory Certificate Services option
Keep the defaults and select Add Features
Select Next within the Roles menu and keep the Features menu defaults
Select Next for the Active Directory Certificate Services
Ensure Certification Authority is selected, choose Next, and select Install on the next prompt
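The user and role steps above can also be scripted. The PowerShell below is an added example, not part of the original guide; the account name caadmin and its full name and description are placeholder assumptions, and it is meant to be run from an elevated session on the new server.

```powershell
#Requires -RunAsAdministrator
# Added example: PowerShell equivalent of the GUI steps in this guide.
# Assumption: 'caadmin' and its full name/description are placeholders.
$NewAdmin = 'caadmin'

# Create the replacement administrator if it does not exist yet.
# Read-Host -AsSecureString keeps the password out of the script and history.
if (-not (Get-LocalUser -Name $NewAdmin -ErrorAction SilentlyContinue)) {
    $password = Read-Host -Prompt "Password for $NewAdmin" -AsSecureString
    New-LocalUser -Name $NewAdmin -Password $password -FullName 'CA Administrator' `
        -Description 'Replaces the built-in Administrator' | Out-Null
}
$newSid = (Get-LocalUser -Name $NewAdmin).SID.Value

# Add the account to Administrators (the "Member Of" tab in the GUI).
$adminSids = (Get-LocalGroupMember -Group 'Administrators').SID.Value
if ($adminSids -notcontains $newSid) {
    Add-LocalGroupMember -Group 'Administrators' -Member $NewAdmin
}

# Confirm the membership before touching the built-in account, so the
# server is never left without a usable administrator.
$adminSids = (Get-LocalGroupMember -Group 'Administrators').SID.Value
if ($adminSids -notcontains $newSid) {
    throw "$NewAdmin is not in Administrators; built-in account left enabled."
}

# The built-in Administrator always has a SID ending in -500, even if renamed.
$builtin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
$currentSid = [Security.Principal.WindowsIdentity]::GetCurrent().User.Value
if ($currentSid -eq $builtin.SID.Value) {
    # Mirrors the guide: sign in as the new user first, then disable.
    Write-Warning "Signed in as the built-in Administrator. Sign in as $NewAdmin and re-run to disable it."
} else {
    Disable-LocalUser -SID $builtin.SID
}

# Install the Certification Authority role service with its management
# tools (the "Add Features" prompt in the wizard).
$result = Install-WindowsFeature -Name ADCS-Cert-Authority -IncludeManagementTools
if (-not $result.Success) { throw 'AD CS role installation failed.' }

# Report the resulting state of both changes.
Get-LocalUser -SID $builtin.SID | Select-Object Name, Enabled
Get-WindowsFeature -Name ADCS-Cert-Authority | Select-Object Name, InstallState
```

Like the wizard steps above, this installs the role only; it does not configure the CA.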