

Configuring a Certification Authority (CA) for Smart Card Authentication

In order to utilize the Smart Card functions in a Windows environment using the YubiKey Minidriver, a Certification Authority (CA) must first be stood up. This chapter covers the basic configuration for setting up a new Certification Authority (CA) to a Windows Server (2016 and above). These steps assume an Active Directory environment is already stood up and configured.

NOTE: If a Certification Authority already exists in your environment, skip this chapter and proceed to YubiKey Minidriver Installation.

IMPORTANT: The installation should be performed by an experienced system administrator. These instructions include steps for a basic configuration. For information about implementing advanced configurations, see this Microsoft Technet article ( (v=ws.10).aspx).

Before you create a Certification Authority (CA), be sure you set up a Microsoft Windows Active Directory domain environment. Microsoft recommends that you do not deploy a Root Certification Authority (CA) on a Domain Controller. As an additional security measure, consider installing the Root CA on a standalone offline server, and use a Subordinate CA for all certificate signing. For more information, see the Microsoft documentation: Creating a Certification Authority

If a Certification Authority already exists in your environment, skip this section and proceed to YubiKey Minidriver Installation.

1. Open Server Manager and choose Add roles and features, and click Next.
2. Select Role-based or feature-based installation, and click Next.
3. Click Select a server from the server pool, and from Server Pool, select the server on which you want to install the Certification Authority.
4. Under Server Roles, select Active Directory Certificate Services, and click Next.
5. Click Add Features, and click Next, and then Next again.
6. Select Certification Authority, and click Next.
7. Click Install. Allow several minutes for the process to complete.
8. Select Configure Active Directory Certificate Services on the destination server, and click Next.
9. Select Create a new private key, and click Next.
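The following PowerShell sketch is an added example, not part of the original guide. It checks the two preconditions stated above (the server is not a Domain Controller, and no CA is already published in the domain) before installing the Certification Authority role that the wizard installs when you click Install. It assumes an elevated session on a domain-joined Windows Server, and it only detects Enterprise CAs published in Active Directory; a standalone CA would not appear.

```powershell
# Added example, not from the original guide. Run in an elevated PowerShell
# session on the domain-joined server chosen to host the CA.
$ErrorActionPreference = 'Stop'

# Win32_ComputerSystem.DomainRole: 3 = member server,
# 4 = backup Domain Controller, 5 = primary Domain Controller.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    throw 'This server is not joined to an Active Directory domain.'
}
if ($cs.DomainRole -ge 4) {
    throw 'This server is a Domain Controller; choose a member server for the CA.'
}

# Enterprise CAs publish a pKIEnrollmentService object under
# CN=Enrollment Services in the configuration partition.
# If one exists, the guide says to skip CA creation.
$configNC = ([ADSI]'LDAP://RootDSE').configurationNamingContext
$searcher = [ADSISearcher]'(objectClass=pKIEnrollmentService)'
$searcher.SearchRoot = [ADSI]"LDAP://CN=Enrollment Services,CN=Public Key Services,CN=Services,$configNC"
$existing = $searcher.FindAll()
if ($existing.Count -gt 0) {
    foreach ($ca in $existing) {
        Write-Host ("Existing CA: {0} on {1}" -f $ca.Properties['cn'][0], $ca.Properties['dnshostname'][0])
    }
    Write-Host 'A CA is already published; proceed to YubiKey Minidriver Installation.'
    return
}

# Same result as the Add Roles and Features wizard steps up to "Click Install".
$feature = Get-WindowsFeature -Name ADCS-Cert-Authority
if (-not $feature.Installed) {
    Install-WindowsFeature -Name ADCS-Cert-Authority -IncludeManagementTools
}
Write-Host 'Role installed. Continue with "Configure Active Directory Certificate Services on the destination server".'
```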

