Nathan McNultyMay 4, 2023

In case it's helpful for anyone else, I quickly documented how to create a CA for your lab

OpenSSL offline root CA, ADCS as Intermediate CA, and for fun, GitHub + Azure Static Website to host the CRLs :p

Microsoft Tunnel and EAP-TLS posts in the works :)

https://blog.nathanmcnulty.com/lab-certificate-authority-setup/

Lab - Certificate Authority Setup

I know there are hundreds of posts out there on how to do this, but I really documented this for my future self as something that is really fast, easy, and repeatable when I need to stand up a lab for testing with Azure AD and Intune :) 💡I am not

Nathan McNulty
Show threadInterpipes 💙
@nathanmcnulty I end up using portable xCA quite often for internal CA stuff. The whole gui and the database can all live on removable media.
May 4, 2023 at 8:30pmWeb
Show threadNathan McNultyMay 4, 2023

@interpipes That's pretty cool! I thought about using Smallstep for my example.

We didn't have an HSM, so we did OpenSSL on an encrypted removable drive (a couple actually, one offsite backup and one on-site in a fire safe).

The hope is you only have to use it once or twice during your lifetime, lol