Active Directory Certificate Services Overview

http://technet.microsoft.com/en-us/library/hh831740.aspx

A blog with posts about different PKI-related topics: http://blogs.technet.com/b/xdot509/
Windows PKI Blog: http://blogs.technet.com/b/pki/

Enterprise PKI with Windows Server 2012 R2 Active Directory Certificate Services 

A good starting point (2 parts) with a detailed explanation of implementing a PKI:

http://blogs.technet.com/b/yungchou/archive/2013/10/21/enterprise-pki-with-windows-server-2012-r2-active-directory-certificate-services-part-1-of-2.aspx

http://blogs.technet.com/b/yungchou/archive/2013/10/22/enterprise-pki-with-windows-server-2012-r2-active-directory-certificate-services-part-2-of-2.aspx

   

A film about upgrading a 2-tier MS infrastructure (with the same computer host name): http://www.youtube.com/watch?v=2sQxMQRbNII


Different Topics

The following link describes how you can delete expired certificates from your PKI database

http://blogs.technet.com/b/xdot509/archive/2013/05/10/operating-a-windows-pki-removing-expired-certificates-from-the-ca-database.aspx

 

Two sample CAPolicy.inf files, to be created as a prerequisite before installing the server role:

 

Root - CA (offline / Standalone)

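[Version]
Signature="$Windows NT$"
[PolicyStatementExtension]
Policies=InternalPolicy
[InternalPolicy]
; Sample policy OID and CPS URL; use your own organization's values
OID=1.2.3.4.1455.67.89.5
Notice="Legal Policy Statement"
URL=http://www.gibel.net/ca/cps.txt
[Certsrv_Server]
; Renewal* values apply when the CA certificate is renewed
RenewalKeyLength=4096
RenewalValidityPeriod=Years
RenewalValidityPeriodUnits=20
; Base CRL validity: 26 weeks
CRLPeriod=weeks
CRLPeriodUnits=26
; 0 units disables delta CRLs
CRLDeltaPeriod=Days
CRLDeltaPeriodUnits=0
; Do not load the default certificate templates
LoadDefaultTemplates=0
; Use the PKCS #1 v2.1 (RSASSA-PSS) signature format; check that all relying clients support it
AlternateSignatureAlgorithm=1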

Issuing - CA (online / Enterprise)

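[Version]
Signature="$Windows NT$"
[PolicyStatementExtension]
Policies=InternalPolicy
[InternalPolicy]
; Sample policy OID and CPS URL; use your own organization's values
OID=1.2.3.4.1455.67.89.5
Notice="Legal Policy Statement"
URL=http://www.gibel.net/ca/cps.txt
[Certsrv_Server]
; Renewal* values apply when the CA certificate is renewed
RenewalKeyLength=2048
RenewalValidityPeriod=Years
RenewalValidityPeriodUnits=5
; Do not load the default certificate templates
LoadDefaultTemplates=0
; Use the PKCS #1 v2.1 (RSASSA-PSS) signature format; check that all relying clients support it
AlternateSignatureAlgorithm=1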

 

Use Save As and make sure that you are saving an ANSI file named CAPolicy.inf in the C:\Windows folder. You will have to switch Save as type to All Files in order to get the .inf extension instead of the .txt extension. When prompted to replace CAPolicy.inf, click Yes.
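A pre-install check for the file saved in the step above, as an added example (not code from the original page or from Microsoft). It confirms that the file exists under the expected name, has no byte order mark (so it was saved as ANSI), carries the [Version] signature, and that its period and unit values parse. The function name `Test-CAPolicyInf` and the temp-file sample are assumptions made for illustration.

```powershell
# Added example: hypothetical helper, not part of AD CS or any Microsoft module.
function Test-CAPolicyInf {
    param([string]$Path = "$env:SystemRoot\CAPolicy.inf")
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return ,@("File not found: $Path (was it saved as CAPolicy.inf.txt?)")
    }
    $findings = @()
    # Notepad's Unicode and UTF-8 save options write a byte order mark; ANSI has none.
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    $head = if ($bytes.Length -ge 2) { '{0:X2}{1:X2}' -f $bytes[0], $bytes[1] } else { '' }
    if ($head -in 'FFFE', 'FEFF', 'EFBB') { $findings += 'File starts with a byte order mark, so it was not saved as ANSI.' }
    # Period names accepted for the *Period keys (compared case-insensitively).
    $periods = 'Hours', 'Days', 'Weeks', 'Months', 'Years'
    $section = ''; $signatureOk = $false; $lineNo = 0
    foreach ($line in [System.IO.File]::ReadAllLines($Path)) {
        $lineNo++
        $text = $line.Trim()
        if ($text -eq '' -or $text.StartsWith(';')) { continue }
        if ($text -match '^\[(.+)\]$') { $section = $Matches[1]; continue }
        if ($text -match '^([^=]+)=(.*)$') {
            $key = $Matches[1].Trim(); $value = $Matches[2].Trim()
        } else {
            $findings += "Line ${lineNo}: neither a section header nor key=value: $text"
            continue
        }
        if ($section -eq 'Version' -and $key -eq 'Signature' -and $value -eq '"$Windows NT$"') { $signatureOk = $true }
        if ($key -match 'Period$' -and $value -notin $periods) {
            $findings += "Line ${lineNo}: $key=$value is not one of $($periods -join ', ')."
        }
        if ($key -match '(PeriodUnits|KeyLength)$' -and $value -notmatch '^\d+$') {
            $findings += "Line ${lineNo}: $key=$value is not a whole number."
        }
    }
    if (-not $signatureOk) { $findings += 'Missing Signature="$Windows NT$" in [Version].' }
    return ,$findings
}

# Constructed sample with a stray character after "Years", written without a BOM to a temp file.
$sample = Join-Path $env:TEMP 'CAPolicy.inf'
Set-Content -LiteralPath $sample -Encoding Default -Value @(
    '[Version]', 'Signature="$Windows NT$"',
    '[Certsrv_Server]', 'RenewalKeyLength=2048', 'RenewalValidityPeriod=Years$', 'RenewalValidityPeriodUnits=5'
)
Test-CAPolicyInf -Path $sample
```

Called without `-Path`, the function checks `CAPolicy.inf` in the Windows folder, which is where the step above saves it; an empty result means none of these checks failed.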