################################################################
# This script demonstrates how to install Certificate Services
# on Server 2012 and later. Please don't run this in seminar
# unless asked to do so by the instructor. We normally install
# ADCS manually for the hands-on experience.
################################################################
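# Stop at the first failing cmdlet, so a failed role install is not followed
# by attempts to configure a CA that is only partly present:
$ErrorActionPreference = 'Stop'

# Exit if ADCS is already installed:
if ( (Get-WindowsFeature -Name ADCS-Cert-Authority).Installed ) { "PKI already installed!" ; exit }

# Install Certificate Services, the IIS web enrollment pages, and OCSP responder IIS app:
Install-WindowsFeature -Name ADCS-Cert-Authority,ADCS-Web-Enrollment,ADCS-Online-Cert -IncludeManagementTools

# Configure as an Enterprise Root CA with a 4096-bit RSA public key.
# The signature hash is set explicitly rather than left to the platform
# default, which differs between Windows Server releases (older ones can
# select SHA1), and this CA certificate is valid for 10 years.
# NOTE: -Force suppresses the confirmation prompt. An online, domain-joined
# Enterprise Root CA named Testing-CA is a lab setup; production designs
# usually keep the root offline and issue from a subordinate CA.
Install-AdcsCertificationAuthority -CAType EnterpriseRootCA -KeyLength 4096 -HashAlgorithmName SHA256 -ValidityPeriod Years -ValidityPeriodUnits 10 -CACommonName Testing-CA -Force

# Install the IIS web enrollment app (http://yourca/certsrv/).
# NOTE: as installed, the enrollment pages are reachable over plain HTTP with
# Windows authentication, which is the configuration Microsoft's AD CS NTLM
# relay guidance (KB5005413) says to harden. Outside a lab, bind a TLS
# certificate, require HTTPS, and enable Extended Protection for
# Authentication on the site, or leave this role service out if unused.
Install-AdcsWebEnrollment -Force

# Install the OCSP responder app in IIS:
Install-AdcsOnlineResponder -Force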