@johnwbaker

Overview of Changes

NOTE:
disregard September's "add files," added some notes to the repo but deleted them later on

General overview of what has been changed

Added documentation for specific processes of CA such as installation, setup, cert generation, cert signing

Reason for Modification

Previous CA directory was rather barebones and simple, wanted to extend some of the explanations

Verification

  • [ X ] The documentation is completed, or does not contain work-in-progress/partially-completed sections.
  • [ X ] The documentation is written in Markdown (Exception for Inject and Incident Reports).
  • [ X ] Any Images are contained in a subdirectory Images.
  • [ X ] Any scripts, Ansible Playbooks, Terraform scripts, etc. Have documentation explaining their purpose and use case.
  • [ X ] Any scripts are tested.
  • [ X ] I have assigned and notified a reviewer.

@johnwbaker johnwbaker requested a review from a team as a code owner December 2, 2024 20:49

Technically the private key doesn't need a password (if you add -nodes to the command to let that happen). It's a good practice though. Just something to note.
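
Added example, not part of the pull request or of any reviewer's comment: whether a key was written with or without a passphrase (the `-nodes` case mentioned above) is visible in the PEM header, so a key file can be checked before it is copied anywhere. The function names and the sample blocks are constructed for illustration; the base64 bodies are placeholders, not real keys.

```python
import re

# One PEM block: group 1 is the label, group 2 is everything between the markers.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL
)

def classify_private_keys(pem_text):
    """Return (label, protected) for every private-key block in pem_text."""
    results = []
    for label, body in PEM_BLOCK.findall(pem_text):
        if not label.endswith("PRIVATE KEY"):
            continue  # CSRs, certificates and public keys are not secrets
        if label == "ENCRYPTED PRIVATE KEY":
            protected = True  # PKCS#8 EncryptedPrivateKeyInfo
        else:
            # Traditional key formats flag encryption in a Proc-Type header.
            protected = bool(
                re.search(r"^Proc-Type:\s*4,ENCRYPTED", body, re.MULTILINE)
            )
        results.append((label, protected))
    return results

def unprotected_keys(pem_text):
    """Labels of the private-key blocks that carry no passphrase protection."""
    return [label for label, ok in classify_private_keys(pem_text) if not ok]

# Constructed sample input: headers are real PEM labels, bodies are placeholders.
SAMPLE = """\
-----BEGIN ENCRYPTED PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END ENCRYPTED PRIVATE KEY-----
-----BEGIN PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END PRIVATE KEY-----
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,00000000000000000000000000000000

Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE REQUEST-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE REQUEST-----
"""

if __name__ == "__main__":
    for label, ok in classify_private_keys(SAMPLE):
        print(f"{label}: {'passphrase-protected' if ok else 'UNPROTECTED'}")
```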

@ChrisM09 ChrisM09 left a comment

Overall pretty good. A few things though.

  1. Add a header for each guide giving a title of it (imagine these were printed out, we're not going to know what file this is if we're looking at unlabeled sheets. Could also cause confusion where it could be "is this page 2 of the stuff")

  2. Add yourself as author so we can blame you when things go wrong :)

  3. Give a summary of what the document is. The TLDR is nice, might want to format it so it gets highlighted in a "Note" block. Just makes it more efficient to see what you want to emphasize.

> [!IMPORTANT]
> Like this

  4. Might want to add some note or warning blocks to steps that require some prerequisites or is prone to some behavior.

@DaintyJet DaintyJet left a comment

Minor wording changes and formatting

@@ -0,0 +1,21 @@

**GETTING ROOT CERT:**

Rather than using bolds to create section headers I would use the # marks to make headers.

As Chris mentioned adding a document header with the title of the page would be good since it helps orient us and if it were to be printed that would also be useful.

@@ -0,0 +1,21 @@

Suggested change
# Adding Trusted Certificate
Author: <You>
---

@@ -0,0 +1,31 @@
On every install of Windows Server, service named "Server Manager" will be mainly used to install and modify features.

Add title and author tag (Keep old text below the ---)

Suggested change
On every install of Windows Server, service named "Server Manager" will be mainly used to install and modify features.
# Certificate Authority Installation - Windows Server 2019
Author: <You>
---

@@ -0,0 +1,31 @@
On every install of Windows Server, service named "Server Manager" will be mainly used to install and modify features.

For the text I think it can be cleaned up a little bit.

something like

Suggested change
On every install of Windows Server, service named "Server Manager" will be mainly used to install and modify features.
On Windows Server installs, the *Service Manager* service is used to install and modify features on the server. It is no different in this case and will be used to install our Certificate Authority.

@@ -0,0 +1,31 @@
On every install of Windows Server, service named "Server Manager" will be mainly used to install and modify features.

Connect to your machine and find your way to the Server Manager service (should be able to search for the program if it does not automatically show up, 'servermanager' from Win+R).

reword a little bit

Suggested change
Connect to your machine and find your way to the Server Manager service (should be able to search for the program if it does not automatically show up, 'servermanager' from Win+R).
Once connected to the Windows Server you want to deploy the CA on, if the *Server Manager* has not already opened search for the program by typing `servermanager` in the window that opens once you hit `Win + R`.


This should open a file explorer tab, in which you must navigate to your .csr file. One thing to note is you must change the file types in this file explorer tab to "All files" rather than the select few extensions. Find your .csr file, and select open.

Selecting open on this file will move it into the "Pending Requests" folder associated with your Certification Authority. Click on the arrow next to your CA and navigate to said folder. Find the specific request (it is probably worth deleting old requests as to not get swarmed with requests), right click it, hover over "All Tasks" and select "Issue."
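
Review bot: The "Pending Requests" step goes straight from finding the request to "All Tasks" and "Issue" with no check of what is being signed. Add a sentence before "Issue" telling the reader to confirm that the request is the one they just submitted, for example by comparing its subject name against the .csr they generated, so that a stale or unexpected request left in the folder is not issued by mistake.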

Suggested change
Selecting open on this file will move it into the "Pending Requests" folder associated with your Certification Authority. Click on the arrow next to your CA and navigate to said folder. Find the specific request (it is probably worth deleting old requests as to not get swarmed with requests), right click it, hover over "All Tasks" and select "Issue."
Selecting open on this file will move it into the "Pending Requests" folder associated with your Certification Authority. Click on the arrow next to your CA and navigate there. Find the specific request, right click it, hover over "All Tasks" and select "Issue."
> [!NOTE]
> You should probably delete old requests you have fulfilled to not get overwhelmed with requests.


![ss3](Images/issue.png)

This will now move the certificate to the "Issued Certificates" folder. Now, all that is left is to export this certificate to a certificate file, which can then be sent back using SCP commands to the original machine.

It's obvious, but maybe add a little context with something like "sent back to the requestor with SCP"

As "Original Machine" is fine, but maybe being a little more specific can be good?


This will now move the certificate to the "Issued Certificates" folder. Now, all that is left is to export this certificate to a certificate file, which can then be sent back using SCP commands to the original machine.

To do this, right click on the issued certificate in the list (once again, it is recommended to remove old certs), and select "Open."

I would suggest moving the parens note "(once again, it is...)" to a NOTE block

Suggested change
To do this, right click on the issued certificate in the list (once again, it is recommended to remove old certs), and select "Open."
> [!NOTE]
> We again recommend removing old certificates...


![ss4](Images/copytofile.png)

Keeping all options as default, unless otherwise necessary, the only necessary page is the page in which you are saving the name of the certificate. Save it to a path you will remember, and while any name is fine, it is recommended to name it as yourdomain.cer. This can now be sent back to the machine.
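
Review bot: "Keeping all options as default" leaves the export format unstated, and the next sentence only recommends the yourdomain.cer name. Name the encoding selected on the wizard's format page so the reader knows what kind of file is being sent back and can match it to what the receiving machine's import step expects.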

Probably want to reword the first half.

Suggested change
Keeping all options as default, unless otherwise necessary, the only necessary page is the page in which you are saving the name of the certificate. Save it to a path you will remember, and while any name is fine, it is recommended to name it as yourdomain.cer. This can now be sent back to the machine.
Unless required you can keep all of the options at their default values, the only page we need to be worried about is the one where we specify the name of the certificate. Make sure you save it to a path that you will remember, and the name provided to the file does not matter much though it is recommended you provide the file extension `.cer`. Once completed you can transfer this file to the target machine.


Keeping all options as default, unless otherwise necessary, the only necessary page is the page in which you are saving the name of the certificate. Save it to a path you will remember, and while any name is fine, it is recommended to name it as yourdomain.cer. This can now be sent back to the machine.

As a last step, if not already done, the machine(s) which are going to be using this certificate will need to trust your CA which has been created in order to trust the certificate. No newline at end of file

Probably add details or link to document on adding the root CA or intermediate CA to the trusted certificate store
