HACKER Q&A
📣 lax4ever

Microsoft CA Reading Material


Does HN have some recommended readings for Microsoft's CA role, Certificates, and PKI? My company is preparing to replacing our domain controllers (hardware replacement and going from 2012 R2 to Server 2022) and one of them has our local CA. It's not used for much right now (DC authentication, Kerberos, and Exchange), but I am trying to decide if it will be simpler to migrate or just start a new CA.


  👤 ailurooo Accepted Answer ✓
https://www.amazon.com/gp/product/B010EUQPPY?psc=1 I started with this book. But honestly there's just alot of reading to do to setup the root cert correctly and supportable going forward. Like the default root cert has too low of ... numbers..There's stuff you want to customize when setting up the root cert that MS doesn't specify and it's kinda a major nightmare, i recommend doing a lab environment and testing.

Likely people who install a CA on a DC don't know admining and therefore i would recommend setting up a new cert. And/or ask why you're even using a certificate authority in the first place. As kerberos authentication between windows is really solid even without a cert authority.