PKI for Network Engineers (3/?): RSA Offline Root

Greetings Professor Falken,


How about Global Thermonuclear War  setting up a two level CA hierarchy?  This is great configuration for labbing and for medium to largish enterprises.  As I discussed at the end of part one of this series, you would never want to deploy an enterprise root in a real network.  So why not model best practices in our lab?

Ok, let’s get started.

NOTE:  Before we configure anything, it’s important to do some planning and sort out all the naming conventions.  If you want to follow along with the videos, check out the attached: Setup Text Block File and a Diagram  which you can edit to customize for your lab.  I also included links to some resources in the doc.  I found Timothy Gruber’s guide on setting up Windows 2016 PKI enormously helpful.

There’s a lot of work to be done, so I’ll break it up into 15-20 minute chunks.

In this video we set up the offline root.




Leave a Reply