PKI for Network Engineers (4/?): RSA Enterprise CA setup

Greetings Fellow Geeks!

In this post, we’re going to set up our enterprise issuing CA for RSA based certificates.

The workflow is pretty straightforward.  The steps are:

  1. publish root Cert to AD
  2. add root cert and crl to local store
  3. install services
  4. configure CDP and AIA extensions
  5. run scripts
  6. copy enterprise cert to web server and rename
  7. publish CRL and Delta CRL

Here are text snippets to help out if you would like to follow long and build your own issuing CA while watching the video:


The video came out a little bit long due to some troubleshooting at the end, but I think it showed a couple of helpful things about checking the details of your certificates and fixing mistakes.  Let me know if you think this is too long and I’ll make a shorter version.


Leave a Reply