Configure Active Directory Certificate Services (ADCS) Web Server SSL-TLS Templates

Описание: Building on previous videos covering user and computer certificate templates, this tutorial dives into configuring SSL/TLS Web Server certificate templates in Active Directory Certificate Services (AD CS), including support for multiple Subject Alternative Names (SANs) to secure HTTPS and multi-hostname services.


Applies to:
✅ Windows Server 2025, ✅ Windows Server 2022, ✅ Windows Server 2019, ✅ Windows Server 2016, ✅ Windows Server 2012R2, ✅ Windows Server 2012


Chapters:
0:00 Introduction
0:33 Create an AD Group for Servers
1:57 Create New Web Server Template
3:58 Web Server Enrollment
5:51 Name Resolution Requirements
6:04 Name Resolution: DNS
6:38 Name Resolution: HOSTS File
7:28 Export Certificate
7:43 Export: Computer Certificates MMC
8:46 Export: PowerShell
9:20 Export: Check the Exported PFX File
9:47 Example Usage
10:18 Manage Private Key Permissions
11:26 Thank you for watching!
11:49: Links


Glossary:
ADAC = Active Directory Administrative Center
ADCS = Active Directory Certificate Services
ADDS = Active Directory Domain Services
ADUC = Active Directory Users and Computers
AIA = Authority Information Access
CA = Certificate Authority
CDP = CRL Distribution Point
CN = Common Name
CRL = Certificate Revocation List
CSR = Certificate Signing Request
DN = Distinguished Name
EFS = Encrypting File System
FQDN = Fully Qualified Domain Name
GPO = Group Policy Object
HTTPS = HyperText Transfer Protocol Secure
MMC = Microsoft Management Console
OCSP = Online Certificate Status Protocol
OU = Organizational Unit
PAW = Privileged Access Workstation
PFX = Personal Information Exchange
PKI = Public Key Infrastructure
RSA = Rivest–Shamir–Adleman (a public-key encryption algorithm)
RSAT = Remote Server Administration Tools
SAN = Subject Alternative Name
SHA = Secure Hash Algorithm
SNI = Server Name Indication
SSL = Secure Sockets Layer
TLS = Transport Layer Security
UPN = User Principal Name


GitHub (commands):
https://github.com/DariensTips


Commands:
Get-ChildItem Cert:\LocalMachine\my
$daCert=Get-ChildItem Cert:\LocalMachine\my\[thumbprint]
$mypwd = ConvertTo-SecureString -String 'yourGoodPwssd' -Force -AsPlainText
Export-PfxCertificate -Cert $daCert -FilePath [path]\[filename].pfx -Password $mypwd

certutil.exe -dump [path]\[filename].pfx.pfx
certutil.exe -p a -dumppfx [path]\[filename].pfx
Get-PfxCertificate [path]\[filename].pfx | Select-Object *
Get-PfxCertificate [path]\[filename].pfx | Select-Object -ExpandProperty DnsNameList


Links:
https://cabforum.org/
https://docs.digicert.com/en/trust-li...
https://knowledge.digicert.com/genera...
https://learn.microsoft.com/en-us/pow...
https://learn.microsoft.com/en-us/pow...
https://learn.microsoft.com/en-us/pow...
https://learn.microsoft.com/en-us/sql...
https://learn.microsoft.com/en-us/win...
https://learn.microsoft.com/en-us/win...
https://learn.microsoft.com/en-us/win...
https://learn.microsoft.com/en-us/win...
https://learn.microsoft.com/en-us/win...
https://www.cloudflare.com/learning/s...
https://www.digicert.com/faq/public-t...
https://www.digicert.com/faq/public-t...
https://www.rfc-editor.org/rfc/rfc528...


Hashtags:
#ADCS #WebServerCertificate #ActiveDirectory #CertificateAuthority