Configuring AD Certificate Services on Windows Server 2022 Base on Amazon
To connect via RDP, you must first set a password for the connection. To do this, use the following guide.
- Press “Win + R”, enter “mstsc” in the Run window and click “OK” to launch “Remote Desktop Connection”.
- In the window that appears, enter the IP address of the virtual machine and click “Connect”.
- In the window that appears, enter your username and password and click “OK”.
- Check the box and click “Yes”.
- Once logged in, open “Server Manager”.
The first task is to decide whether this will be an Enterprise CA or a Standalone CA. If it will be an Enterprise CA, you will need to add this VM to your Active Directory domain; otherwise you can leave it as a member server and run it as a Standalone CA.
- Next, run the setup wizard from the notification alert in Server Manager.
- On the Credentials page, the Administrator account is displayed in the Credentials box. Click Next.
- On the Role Services page, select the Certification Authority check box. Click Next.
- On the Setup Type page, select Enterprise CA as the CA type to allow integration with your AD, or Standalone CA if you want to run this as a member server in a workgroup.
- On the CA Type page, select Root CA if this is the first CA in your environment, or Subordinate CA if you already have an established PKI. Click Next.
- On the Private Key page, choose between Create a new private key and Use existing private key. Click Next.
- On the Cryptography for CA page:
  - Select the default cryptographic provider, RSA#Microsoft Software Key Storage Provider.
  - Select a key length of 2048 or above.
  - Select SHA1 as the hash algorithm and click Next.
- On the CA Name page, specify the name of your CA in the Common name for this CA text box.
- On the Validity Period page, select the number of years the CA certificate will be valid.
- On the CA Database page, specify the locations for the database and database log files. Click Next.
- On the Confirmation page, click Configure. The Results screen appears after configuration is complete.
- After completing the setup, you can use the Certification Authority console.
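The same configuration can be done unattended with the ADCS deployment cmdlets, which is convenient for repeatable builds on AWS. The script below is an added example and not part of the original guide: the CA common name, validity period and database paths are placeholders to be replaced, it assumes the server is already domain-joined and the session runs as an Enterprise Admin (required for an Enterprise CA), and it selects SHA256 rather than the SHA1 named in the wizard step above, since current Windows and browser clients reject SHA-1-signed certificates.

```powershell
# Added example (not from the original guide): unattended equivalent of the
# wizard steps above, run in an elevated PowerShell session on the server.
# Assumptions: domain-joined server, Enterprise Admin credentials, placeholder
# CA name and paths, SHA256 instead of SHA1 (SHA-1 signatures are no longer
# accepted by modern clients).

# 1. Install the Certification Authority role service and its management tools
#    (Role Services page of the wizard).
Install-WindowsFeature -Name ADCS-Cert-Authority -IncludeManagementTools

# 2. Choose the CA type (Setup Type + CA Type pages). Valid values are
#    EnterpriseRootCA, EnterpriseSubordinateCA, StandaloneRootCA and
#    StandaloneSubordinateCA. A subordinate CA additionally needs
#    -OutputCertRequestFile (or -ParentCA) so the parent can issue its cert.
$caType = 'EnterpriseRootCA'

# 3. Configure the CA with the same choices as the wizard pages.
$params = @{
    CAType              = $caType
    CryptoProviderName  = 'RSA#Microsoft Software Key Storage Provider'  # Cryptography page
    KeyLength           = 2048                                           # 2048 or above
    HashAlgorithmName   = 'SHA256'                                       # see note above
    CACommonName        = 'EXAMPLE-ROOT-CA'                              # placeholder CA name
    ValidityPeriod      = 'Years'                                        # Validity Period page
    ValidityPeriodUnits = 5                                              # placeholder lifetime
    DatabaseDirectory   = 'C:\Windows\System32\CertLog'                  # CA Database page
    LogDirectory        = 'C:\Windows\System32\CertLog'
    Force               = $true   # skip the confirmation prompt (Confirmation page)
}
Install-AdcsCertificationAuthority @params

# 4. Verify the result: the CA service should be running, and certutil should
#    report the signing hash that was actually configured on the CA.
Get-Service -Name CertSvc | Select-Object Status, Name
certutil -getreg ca\CSP\CNGHashAlgorithm
```

Keep the key length, hash and validity values in version control alongside the rest of the instance build so that a rebuilt CA is configured identically; the `certutil -getreg` check at the end is the quickest way to confirm the hash algorithm before any certificates are issued.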
If you have a network security group or firewall appliance in front of your new AD CS virtual machine, you will need to check that the following firewall ports are open.
Below is a list of ports that need to be opened on Active Directory Certificate Services servers to enable HTTP- and DCOM-based enrollment.
You can open the ports in the instance's Security Group in the AWS firewall.
Once you have your CA set up, you are ready to start deploying certificates. The following article has a great tutorial on this: