Greetings Professor Falken,
Global Thermonuclear War setting up a two level CA hierarchy? This is great configuration for labbing and for medium to largish enterprises. As I discussed at the end of part one of this series, you would never want to deploy an enterprise root in a real network. So why not model best practices in our lab?
Ok, let’s get started.
NOTE: Before we configure anything, it’s important to do some planning and sort out all the naming conventions. If you want to follow along with the videos, check out the attached: Setup Text Block File and a Diagram which you can edit to customize for your lab. I also included links to some resources in the doc. I found Timothy Gruber’s guide on setting up Windows 2016 PKI enormously helpful.
There’s a lot of work to be done, so I’ll break it up into 15-20 minute chunks.
In this video we set up the offline root.