I hate certificates. Well, a nice wildcard cert deployed internally is fine, but when there’s a faff to replace certificates and it’s been so long that you really cannot remember what you did in the first place… I just hate it. So imagine my childish delight when I had to build AD CS!
It’s not that bad in all fairness, and it boils down to make server, add role, next next next and let AD do its magic for all the machines within the domain that you need the certificate sent to. That’s just reminded me about the VDM certificate for connection servers, which will come later on.
I followed the MS lab guides and also backed this up with a very nice blog post with pretty screenshots and all worked fine. Just remember to add in any subject alternative names if you have a mixture of FQDN and abbreviated server names within your domain.
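
For the subject alternative name point, here is a sketch of a certificate request that carries both the FQDN and the short name. It is an added example, not taken from the lab guides or the blog post mentioned above. The server name, domain and file paths are made up, and the check at the end assumes English `certutil` output.

```powershell
# Constructed names for illustration: replace with your own server and domain.
$shortName = 'server01'
$fqdn      = 'server01.corp.example.com'
$infPath   = Join-Path $env:TEMP 'server01-request.inf'
$reqPath   = Join-Path $env:TEMP 'server01-request.req'

# certreq policy file. The [Extensions] section carries the SAN extension
# (OID 2.5.29.17) with one dns= entry per name clients use to reach the server.
$inf = @"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "CN=$fqdn"
KeyLength = 2048
KeySpec = 1
Exportable = FALSE
MachineKeySet = TRUE
RequestType = PKCS10

[Extensions]
2.5.29.17 = "{text}"
_continue_ = "dns=$fqdn&"
_continue_ = "dns=$shortName"
"@
Set-Content -Path $infPath -Value $inf -Encoding ASCII

# Generate the key pair and the PKCS#10 request (run elevated, since
# MachineKeySet = TRUE stores the key in the machine store).
certreq.exe -new $infPath $reqPath

# Dump the request and confirm both names are present before submitting it.
# Assumes English certutil output, where SAN entries print as "DNS Name=...".
$dump = certutil.exe -dump $reqPath | Out-String
foreach ($name in $fqdn, $shortName) {
    if ($dump -notmatch "DNS Name=$([regex]::Escape($name))\s") {
        Write-Warning "SAN is missing DNS name: $name"
    }
}
```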