Lutz Rahe

Thank you for this lab. (and yes...it will help a lot, when you will document different server names etc....) One question I have: After 1 year, when the RootCA is always offline and the published .crl is outdated.......what is to do? Just publish a new crl list from the RootCA and copy this to AD and the webserver?

Hi I think in this: certutil -config "IssuingCA.windowsnoob.lab.local\windows noob Issuing CA" -ca.cert windowsnoobissuingca.cer the path where to store the .cer is missing. When I'm using certutil -config "IssuingCA.windowsnoob.lab.local\windows noob Issuing CA" -ca.cert c :\temp\windowsnoobissuingca.cer then I can find and import the certificate

Thank you for the lab (up to part 6 its all working fine) Just a short question: how can I add templates? My PaloAlto FW needs the Subordinate Certification Authority template for inspecting network traffic. It is only with "new - certificate template to issue"? (This sounds too easy 🙂 ) And what is the reason for using the template = 0 in the CAPolicy.inf file? Best from Singapore Lutz