Practical Guide to PKI with Windows Server - Behind the Scenes (Part 2)

Overview

Similar to the release of the first edition of this book, I wanted to go into the details on why I created a second edition and what I learned while writing it. Just like the first time I went through this process, writing a book was harder than I thought it would be, and I wrongly assumed that creating a new edition would be a quick task to accomplish. Nevertheless, I still wanted to document the process in case other people were interested in how it works, and what issues I encountered.

For more details, see the page for the book: Practical Guide to PKI with Windows Server - Second Edition.

Why Did I Create a Second Edition?

Much like my motivations for writing a book in the first place, I really wanted to see if I could do it. I had a lot of challenges the first time that I wrote one, and I walked away with a lot of lessons on what to do and what not to do. I still maintain that I was happy with the first edition of the book, and after receiving feedback from people I realized that there were issues that I should fix. If I was going to go to the trouble of making major changes to the book, I may as well do a complete update and add in what I wanted into the new edition. I also didn’t want that copyright issue to stop me from creating something new. As annoying as that was, it was a good learning experience.

At the end of 2022, I made a brief comment about how I wanted to create a new edition, and I created a branch of the existing book a few weeks later. I initially did not make any major changes to it; I just went through the content and made whatever fixes I could that were brought up by readers, and what I found after the release on my own.

Just to be clear, the first edition was my first book that I had ever written. I am aware that there were issues with the book, and it was rough around the edges. I took feedback from a lot of customers on how to improve the book, and I have applied that feedback to the second edition.

Why Windows Server 2022?

Even though this book was initially released several years into the lifecycle of Windows Server 2022, it is still going to be supported for some time. Windows Server 2022 was released on August 18, 2021, and will be supported in one way or another until at least October 14, 2031. Windows Server 2022 is a mature and well-supported operating system that is well suited for a Certificate Authority using Active Directory Certificate Services (AD CS). Windows Server 2025 was released in November 2024, and while I could have used it as the basis for the book, I decided not to for several reasons.

Windows Server 2025 is relatively new and not widely deployed in a lot of organizations. While I have not experienced any issues with the newer version, I have heard a lot of reports on compatibility issues in production environments. I have tested the deployment on Windows Server 2025, and I only needed to make minor changes to the process to make it work, but that was not enough for me to base the book on that version.

On the topic of newer versions of operating systems, I also moved to Windows 11 for the Windows client sections of the book. Windows 10 has now gone end of life and is no longer supported for the vast majority of people, so it did not make any sense to use it for the book. There are almost no differences in the deployment of certificates on Windows 10 and Windows 11.

AD CS Guide and Book Lineage

Not that it is important, but in the process of putting this post together I went through the entire publication history of this topic and what I have published in the past. Every guide and book builds on the other in one way or another:

  1. March 2020 - Building a Certificate Authority in Windows Server 2019 - Web Edition
  2. September 2021 - Practical Guide to PKI with Windows Server (First Edition) - Print and Digital Editions
  3. April 2022 - Building a Certificate Authority in Windows Server 2019 - Digital Edition
  4. October 2023 - AD CS on Windows Server 2022 - Web Edition
  5. October 2023 - AD CS on Windows Server 2022 - Digital Edition
  6. November 2025 - Practical Guide to PKI with Windows Server (Second Edition) - Print and Digital Editions

Tracking everything in Git certainly helps in this process, and ensures that important details are not excluded from future releases.

What’s New?

Since releasing the first edition of the book I changed my workflow considerably, but luckily it did not cause too many issues with creating the new edition. Some of the major changes that I have done include:

  • I switched entirely from Windows to macOS for my primary workstation.
  • I switched completely from Bitbucket to GitHub, and I am going to switch to something different in the future (most likely an on-premise solution).
  • I dropped JIRA for tracking issues and tasks within the book and just moved to using issues within GitHub.
  • I switched from using VS Code to VSCodium. I cannot stand Copilot, and just having the option available made me switch away from it.

Luckily, these changes did not really affect the creation of the book, and this shows how flexible the LaTeX and Git stack really is for this purpose.

Getting Started

There were a lot of steps involved in creating the second edition of the book, but at a high level, here are the major steps that I followed for creating it:

  • The first step was creating a branch in Git for the second edition. I decided against creating a separate repo for the new edition, as I wanted to keep everything contained in the same repository.
  • The second step was compiling a list of what I wanted to change in the new edition. I had tracked all of the issues from the first edition, as well as the list of content that I had left out of the book. I spent about a week going through the list on one monitor, and the new branch of the book in another monitor and started linking where changes needed to be made. This also involved putting in temporary placeholders for new chapters (there are three new ones) which would be completed later.
  • The third step was to go through the book one chapter at a time and complete the changes to update the content from Windows Server 2019 to Windows Server 2022. This took several weeks when I got time to do so, and I referenced the content from the AD CS on Windows Server 2022 guide to help with this. I wanted to ensure that the base content of the book was correct before I began making more changes to it. For the updates from Windows 10 to Windows 11, I waited until the book was nearly finished so that I could use the latest release of Windows 11 (24H2) at the time of release.
  • The fourth step was to begin adding new content and reorganizing existing new content into different sections and chapters in the book. This was important because there were several areas in the first book where I felt that I had things in the wrong areas of the book or in the wrong order.
  • The last step was to just finalize the book. This involved editing, updating images, fixing issues with formatting, and just ensuring that all items were covered. This was the most time-consuming step, and I just went one chapter at a time until it was done.

I made sure to commit my changes every day, and I always left notes on what I was working on to ensure I picked up where I left off.

Tools for Writing the Book

Much like the first edition, there were several tools that I used for creating the book:

  • VSCodium - Main development environment for the book, which was previously VS Code.
  • MacTeX - LaTeX distribution for macOS.
  • GitHub - For version control with Git. This is the last project I used this for.
  • Hyper-V - For testing the steps in the book and taking screenshots.
  • Visio - For creating basic diagrams.
  • GIMP - For creating the cover page template.

Overall, I did not want to stray too far from the system that I was comfortable using. It was important to keep everything consistent to ensure that I was able to successfully complete the second edition.

I only ever printed the book once and it was when I was finished with all of the new content and fixes. I read through it three times and highlighted anything that was incorrect:

Final draft edits. Everything is broken down into chapters and sections.

This process took me a few weeks because I did not want to rush through the process, and I wanted to ensure that I actually found errors. I am glad that I went through the process, because I found a lot of small issues, and two screenshots that were incorrect.

Similar to the cover for the first edition of the book, I used GIMP to create it. I envisioned something different from the first edition, but I decided that I wanted to maintain the look since this is technically a new edition. I have decided that for my next book I will hire someone to create the cover art:

Front and back cover for the book, plus the spine text.

I had to make some minor adjustments for the hardcover version since the bleed areas are larger, but it was not a significant change.

No AI

I used absolutely no AI tools in the creation of this book.

Changes From the First Edition

Minor Changes

I worked on the first edition of the book from August 2020 to September 2021. Reading through the first edition after not working on it for a long period of time gave me the benefit of almost letting me see the book for the first time, and this allowed me to find a lot of issues with it. There were many instances of sentences that made sense, but did not flow properly. I found that there were a lot of inconsistencies with terminology (Email, email, e-mail, Internet, and internet) that needed to be corrected to improve the quality of the book. There were also page breaks that left a lot of whitespace in the book content, and did not look good in a finished product.

Something that I decided to change was the information boxes that were used throughout the book. The background colour did not always look correct when it was printed, and I did have some people mention that it could sometimes be difficult to read. Changing the way that it was formatted fixed the issue:

Modifications to the information boxes from the first edition to the second edition. The background colour has been removed to make it easier to read.

I also took some feedback from readers and added a new type of box that highlighted where certain modifications would need to be made to customize steps. On top of that, I also changed the way that command line steps were presented to make it more obvious to the reader.

Another minor change was that I converted from XeLaTeX to LuaLaTeX, which turned out to be a 20-minute fix. I have been using LaTeX for a long time, and it was a reflex action to use XeLaTeX. It wasn’t until someone pointed out to me how out of date it was that I decided it was time to move to something more modern and supported.

Additions

I added three new chapters to the book, one on Hyper-V, one on running AD CS on an existing domain, and one for AD CS maintenance tasks. These were mostly taken from other chapters and expanded on to provide more detail, and to provide a better way to skip those activities if they were not required.

I had several sections on Hyper-V in the test environment chapter that I had a few issues with when I released the first edition:

  • This topic was added near the end of the final tasks for the first book.
  • I had made a lot of mentions about Hyper-V, as I presented the book in a manner that you could build the entire environment without relying on third-party software. You could technically perform every step in the book with no internet access at all.
  • I wanted to put something in about Hyper-V, but it was very rough around the edges as it was late in the process, and I just wanted to release the book. It made very broad assumptions and was at best a first draft only.
  • I added it at the end of the test environment chapter. I should have made it a separate chapter, so it could be skipped if it was not applicable.
  • It really interrupted the flow of the book because it was unrelated to AD CS.

I received some feedback on this, and it was something that I wanted to address in the second edition. I had to make a decision on what I wanted to do with this section:

  1. Do I remove it entirely?
  2. Do I cut it down to the bare minimum, assuming people know enough about Hyper-V?
  3. Do I expand it into its own chapter, and allow people to just skip it if they don’t need it?
  4. Do I move it to the appendix?

With everything going on with other virtualization platforms, I decided on the third option. I split the Hyper-V sections into a new chapter, rewrote most of what was there and expanded on it to actually include more details. I also did the fourth option.

I also put a lot more detail into virtual floppy disks. It occurred to me that there are people who have never had to work with floppy disks before, so assuming they don’t know how to work them is possible.

Another major addition was the priority of using PowerShell to complete most steps. This was presented as an alternative step in the first edition, but in the second edition it is the primary step for completing the Certificate Authority (where possible). I wanted to show that the entire process could be completed in that manner, as there are a lot of people who want to script things (myself included).

Subtractions

There were several items that I decided to remove, mostly related to Android, iOS and macOS certificate deployment. I found that the steps were mostly unnecessary, and since those operating systems are released rapidly, those sections were out of date very quickly. Information on how to deploy certificates to Linux was left in the book as those steps have not significantly changed.

I did receive some questions about the decision to include BitLocker in the first edition of the book. I left it in the second edition, but specified that it was an optional step to complete. BitLocker seems like overkill for this, but the book is presented in a manner that creates a Certificate Authority in a secure manner, so full disk encryption (FDE) is not out of the question. BitLocker is a native feature in Windows Server 2019 and 2022, so there are no licensing requirements for using it.

Book Size and Formats

One of the major things I wanted to update for the book was to use a different page size. I was happy with the page size for the first book (7.44 x 9.69 inches), but it did not work well for the electronic version of the book. It also did not work if I wanted to make a hardcover version of the book as the size was incompatible. KDP did not offer that page size for hardcover, and it would have looked awkward to format it differently for that version.

Fortunately, 8.5 x 11 inches is a common page size for electronic, paperback and hardcover, so I used that page size for the new version. I also adjusted the size of the font to be slightly smaller, as I felt the text was too big in the first edition.

It turns out that creating the book in hardcover format is actually not too difficult. The only issue was slightly modifying the cover to deal with the different bleed size, and that only took a few minutes to correct. I have no expectation that anyone would purchase that version, but I wanted to offer it regardless.

No Kindle Edition?

There is no Kindle edition of the book because I don’t want to offer the book in Kindle format. I tried using the Kindle Create application with the latest version, and the output was so horribly rendered that I would demand a refund if I bought it. I would rather people be annoyed that I don’t offer the Kindle version, than angered that it doesn’t look correct on their device.

Basically, the book does not work well with Kindle because there are too many images, too many code examples and other issues with formatting.

I could offer the book in the Kindle Print Replica format, but apparently people don’t like that version as it is essentially incompatible with traditional Kindle devices.

Oddly enough, the digital versions of the book that I do offer have never resulted in a single complaint.

Final Results

I once again used Gumroad to publish the digital version of the book. I have been quite happy with that platform, and the analytics that I get from it are quite useful. I also published it on Google Books, as some people asked me to make it available there.

For physical releases of the book, I once again used KDP. Before publishing it I ordered a proof copy of the book to make sure everything looked correct:

Comparison of the first and second edition covers.

Just to compare the size of the first edition to the second edition:

Comparison of the first and second edition spines.

I also checked the statistics for the book on the day that I finalized it, and I broke my previous record for the most I have ever written for one project:

Statistics for the second edition book.

For comparison, here is the word count difference between the first and second edition of the book:

  • First Edition - 86758 words
  • Second Edition - 135667 words

Something interesting happened when I finished the book. The first edition of the book was 398 pages and the second edition was 400 pages. In the process of creating the second edition I added 3 additional chapters and almost 50,000 words to the book. The reason the page count did not change was because of the increased page size and the use of a smaller font. The fact that the page count was nearly identical was mostly coincidental.

I said in the first article about this book that I was happy with the results, and I still am. At the end of the day I am much happier with this version, as I feel like the end result was closer to what I really wanted.

Future

I would like to work on something different for my next project, so I am not sure if I will revisit this topic in book form. I still have other plans for things I would like to do with the content, but that will be something that I will work on later on. Even though I don’t offer printed copies of the first edition anymore, it is still available in digital formats. I have been going back through that book and updating the format to match the second edition, and I am fixing several errors in it, so when it is completed I will replace the version that is still for sale.

If I do decide to create a third edition of the book, I will not announce it; I will just post it one day if it happens.