This guide explains how to install and configure an offline Root Certificate Authority on a Windows Server 2008 R2 core edition.

This guide is split into three separate parts:

The main reason to configure the Root CA on a core edition is to reduce the attack surface. The attack surface should be as small as possible to prevent hackers from stealing the private key of the root certificate. For the same reason, the Root CA will be shut down and disconnected from the network most of the time. Security hardening of a Root CA will be covered in more detail in a later article.

Prerequisites

The following must be available before using this guide:

  • A dedicated physical or virtual machine;
  • Root access to the server (ILO, VMware, vSphere console);
  • Windows Server 2008 R2 core edition already installed;
  • Hostname and network settings already configured;
  • Very complex password set for the administrator account;
  • Firewall must be on with no exceptions;
  • Access to Windows Update, WSUS, SCCM or another patching mechanism.

Installation steps
