Thanks for this. Previous IT guy installed ADCS on a DC that was due for a replacement, and I ended up completely breaking the DC while removing the AD roles. I’ve been trying to figure out how to do this for a few days now and you’ve really helped out.

!!Excelente Contenido muy bien explicado saludos de Guate

Awesome content, very clear and precise. You indeed explained it like a professor but nailed it like a rockstar! :)

Finally !!! Someone doing it right ! In every single video I've seen so far CA was being installed on the DC 😵😵

Amazing video you have created, very detailed and simple explanation. thank you sir.

Hey Professor, keep up the good work!

Thank you so much. I was over-thinking my setup. I was using the wrong choice in the CSR request. Duh for me. Thanks for clarifying!!!!!!

thanks, that explaned my problem to get my sertificate to work. (install domain before sertificate) now it work.

Really nice ..explained

thanks , it is a very clear explaination

I am very grateful sir, you just saved my job. God, or whoever you believe in, bless you !

Great video!!

I cant believe this is free. Thank you.

Its nice and wonderful explanation how certificate works

Very helpful! A bit ironic that you are showing how to do Windows infrastructure from a Mac! LOL

Thank you for This VDO.

This is exactly how a live demonstration in classroom should look like. I watched your video a couple of years ago and helped me for academic purposes. Now that I have to actually work with certificates I have a better picture. Thank you so much, you excel at explaining concepts. Just a couple of questions, if you have the time to reply: what happens if after installing the certificates signed by the internal CA I decide to use a different web browser such as Firefox or Chrome? Do I have to manually install the certificate on the workstation even if I have 100 computers?

Hi Andrew Sir, I hope you're doing well. I wanted to check if the video mentioned above can guide me in installing it on my existing infrastructure. My main server isn't responding well, so I plan to set up another primary server and transfer the FSMO role to the secondary one. After that, I'm looking to install the AD DC certificate. Could you confirm if this is the right approach?

*you need to be a Domain Admin, tried it as a normal domain member and the Enterprise CA option was greyed out.

Well explained

Thanks for your tutorial. How could I get p12 of the p7b certificates downloaded?

Thanks very much for the clear and informative video! I wanted to add that after setting all this up, the certificate I issued in my home lab for my Nginx Linux reverse proxy was failing until I added subjectAltName to the certificate request. Hopefully, this can save someone experiencing the same issue from the hours of aggravation I had! I did have a follow-up question. I added the CA roles to a headless VM (Windows Server 2019 Standard) and I don't get the Certificate Authority tooling as a result. I tried adding the feature to my Hyper-V host server, but it throws an error on start, and it isn't an option for the CA server. Is there a way to get the tooling working? Thanks again!

All of the web services or stuff like IPMI need a private key alongside the certificate- How do you get that one? Could not find any information about it

Hey Professor, thank you for your truly enlightening videos! As a recent graduate, I'm currently assisting an enterprise client on a private isolated network. They have Windows Server 2019 and Windows 10 workstations, and they're eager to enhance their network security and encrypt the traffic. I've configured Active Directory, user accounts, and security policies, but I'm unsure about encrypting the traffic between clients and the server. Can AD CS help in my case , what are your recommendations ? Thank you in advance for your valuable advice!

Thanks for the tutorial Professor! Is this the same setting for authenticating outlook app using CBA? is there more videos on this subject

Thanks for your informative video. Question: Are there any security concerns about installing ADCS on a DC? The DC doesn't give you any warnings when you try to do so. I have read different views on this online. Please advise. Thanks

it is a very clear explanation. thank you, sir. Do we need to add the centos to DC server as a member ?

i followed your part, but each time for example when we try in the IE browser to go to the link what is running on XAMP it still says not secured. and then when viewing the certificate it is the localhost and not the certificate, how to change this?? having several virtual machines. dc01 (ad-ds) dc02 (ca etc) file01 (fileserver) srv-app (xamp running with web application) and the web application when we go through our network the link is not secured. have tried to import it as well via mmc on the srv-app from the file01 since it is a shared folder it sees the certnew ....

our domain computer keeps installing internet certificate when they are connected outside the LAN. When they return back to the LAN the internet certificate block them from accessing the LAN unless you delete. How best can I handle this?

Have you cover the case with Chrome and Firefox?

Thanks a lot for that nice demonstration and explanation. :-) You mentioned that FireFox and Chrome use their own certificate stores. But what about Edge.? My expectation would be that Edge clients in the same domain would also trust the domain generated certificate automatically since it is also a MS product and IE is basically dead especially since Win 11. Can you confirm that?

Question it appears the MS Certificate Service only works to clients on the domain. If I use it for outside public internet I get a Cert Error? Does this mean we have to pay for Certs?

i know your a professor and all, but did you choose AD integrated because your relying on windows integrated auth? because you really didn't use any of the other features of AD integration, such as "Request Domain Cert" which, i may add, will handle RENEWALS for you automatically.. as opposed to your manual request, wich will require you to manually renew. or am i really off base here?

Good video. Next time enlarge windows for better visualization.

can you teach a web server access algorithm via pki or fingerprint

Hey, very nice video but I am stuck on something and I can't seem to find a solution. I am running my AD and CS service on the same server (just for testing since my hardware resources are limited) and after following your steps I can successfully visit the site via https ON THE SERVER itself but as soon as I try this on a computer, which is joined the domain, I get an error that the site is unsecure. I tried importing the ca.cert again in the trusted root ca's on the windows machine but despite that it still gives me the same error. Could you, or someone else, help me figure this out because I don't know what to do anymore. I'm pretty new to the certificate stuff as well.

Sir, please use lower resolution on your computer, I am trying to watch this video on my small-screen laptop, can't see your screen well

Hey Professor, Do you offer your tech expertise as a freelancer..

How to import 3rd party certificates

hi Professor

please