📄️ Setup Overview
This is the first AD CS role to be installed in an enterprise PKI. It is a trust anchor and establishes the root of a trust hierarchy. To secure the root CA, a common practice is to keep it offline to minimize the exposure. Bring it online only when issuing a subordinate CA certificate. The process is to simply add and configure AD CS role as a Certificate Authority (CA) on a non-domain joined server.
🗃️ GUI Setup
3 items
📄️ Setup via PowerShell
The following example shows the standalone root CA procedure done previously via GUI, now via Powershell.