Practical Guide to PKI with Windows Server - Second Edition
Overview
The follow-up to the Practical Guide to PKI with Windows Server book that I published in 2021 is now available for sale. This new edition has been greatly updated and expanded from the previous version, and builds on steps that were not included in the original book. Just like the original book, it is available in multiple formats, and this page will be updated as more formats are released.
The book is available for sale on Gumroad in PDF format:
The book is available for sale on Amazon in paperback format:
The book is also available for sale on Amazon in hardcover format:
Background
A Certificate Authority forms the basis for a Public Key Infrastructure, and implementing a PKI within an organization can greatly increase security. It can add multiple security features, which include:
- Eliminating self-signed certificates in the network.
- Enabling email encryption and digital signatures.
- Implementing certificate authentication with VPN services.
- Implementing network security for users on wired or wireless connections.
- Protecting internal resources with an additional layer of security using certificates.
- Utilizing certificates for application authentication and automation.
Microsoft created the Active Directory Certificate Services (AD CS) role, which allows for the creation of a Certificate Authority using only native features available within Windows Server. AD CS is a modern PKI solution that supports multiple configurations and can be implemented in the way that works for an organization. It can be deployed for a small company or scaled up to work for thousands of endpoints in a large organization with complex configurations.
What’s Inside?
- Updated guide for Windows Server 2022 and Windows 11.
- An in-depth step-by-step guide for building all components of a Certificate Authority.
- A complete guide to implementing a Two-Tier Certificate Authority using AD CS.
- A complete guide to installing, configuring, and managing Hyper-V.
- A guide to implementing an Offline Root CA and an Enterprise CA.
- A guide to implementing OCSP with AD CS.
- An optional guide for rapidly deploying a CA using AD CS.
- Over 200 CLI commands and configuration examples.
- Over 290 screenshots and diagrams.
Table of Contents
Included in the book are 15 chapters which explain the process for creating a Certificate Authority using Active Directory Certificate Services:
- Public Key Infrastructure Overview
- AD CS Overview
- Test Environment Overview
- Hyper-V Setup and Configuration
- Domain and Workstation Setup
- Offline Root CA Setup
- Subordinate CA Setup
- Deploy CA Certificates
- Online Responder Role
- Private Key Archive and Recovery
- Certificate Templates
- Certificate Enrollment
- AD CS Maintenance Tasks
- AD CS on an Existing Domain
- AD CS Quick Start
Also included is a glossary, a list of all commands used in the book and a complete index.
Who Is This Book For?
The purpose of this book is to create a Certificate Authority using Active Directory Certificate Services (AD CS) with Windows Server. This book offers a comprehensive step-by-step guide that demonstrates how to successfully create a Certificate Authority using those technologies.
This book also explains each step, the necessity of that step, and the importance of that step within the Certificate Authority. Following this book results in a Certificate Authority that can issue certificates internally within an organization in a secure manner, using best practices.
This book is meant for developers, network administrators and systems administrators who have a basic understanding of Windows Server and Public Key Infrastructures and need to deploy a Certificate Authority rapidly within their environment for various purposes. The steps provided in this book create a Certificate Authority framework that can be customized to the requirements of any environment.
This book is also meant to be used by developers, network administrators and systems administrators who can interpret this guide and modify it for their existing environment. Simply following this guide will not implement a functioning PKI for your organization; you will need to modify the steps accordingly to make it function properly. This means creating different servers, modifying steps for different Active Directory domains, modifying LDAP settings, modifying file paths, creating different certificates, and other critical steps as needed.
The contents of this book are presented in a thorough but easy-to-follow manner. Screenshots are provided for important steps for verification purposes and to demonstrate how the environment should be configured.
Updates and Additional Materials
If there are any updates for the book or additional materials, they will be posted to this page.
External Resources
For anyone who purchased the physical edition of the book, a complete command listing is available.
Links
- Practical Guide to PKI with Windows Server - Second Edition - Paperback (Amazon)
- Practical Guide to PKI with Windows Server - Second Edition - Hardcover (Amazon)
- Practical Guide to PKI with Windows Server - Second Edition (Gumroad)
- Practical Guide to PKI with Windows Server - Second Edition Command Listing (docs.mjcb.ca)