Thank you for this lab.
(and yes...it will help a lot, when you will document different server names etc....)
One question I have: After 1 year, when the RootCA is always offline and the published .crl is outdated.......what is to do? Just publish a new crl list from the RootCA and copy this to AD and the webserver?
Hi
I think in this:
certutil -config "IssuingCA.windowsnoob.lab.local\windows noob Issuing CA" -ca.cert windowsnoobissuingca.cer
the path where to store the .cer is missing.
When I'm using
certutil -config "IssuingCA.windowsnoob.lab.local\windows noob Issuing CA" -ca.cert c
:\temp\windowsnoobissuingca.cer
then I can find and import the certificate
Thank you for the lab (up to part 6 its all working fine)
Just a short question: how can I add templates? My PaloAlto FW needs the Subordinate Certification Authority template for inspecting network traffic. It is only with "new - certificate template to issue"? (This sounds too easy 🙂 )
And what is the reason for using the template = 0 in the CAPolicy.inf file?
Best from Singapore
Lutz
We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.