Guide: Installing Active Directory Certificate Services

[jamitupya]

This guide assumes you have completed Part 1 of this guide

 

 

Install the CA to the Trusted Root CA

Open IE on the Domain controller with the CA installed.

 

 

 

 

goto: http://localhost/certsrv

Click Download a CA Certificate, Certificate chain, or CRL

 

 

 

 

 

 

 

 

 

Click "Download CA certificate"

 

 

 

 

 

 

 

 

 

When Prompted, click OPEN

Click Install Certificate

When the Import Certificate Wizard Begins, Click Next

Click Browse and Select "Trusted Root Certificate Authorities"

Confirm your Settings and Click Finish

Finished

 

[jamitupya]

Assigning SSL Certificate to IIS

 

Start Internet Information Services Manager Tool

 

 

Navigate down to the Default Site.

 

 

 

Right Click Select "Edit Bindings"

Select HTTPS and click EDIT

Select your Certificate from the Drop down List - Important to note, that this is extremely dangerous in production and you should ONLY use this root CA Certificate until you request a Web Server Certificate.

Click OK and Close

Right Click Default Site -> Manage Web Site -> Restart to restart the web service (or reboot the DC)

 

 

Finished.

[Peter van der Woude]

Ehmm... Are you using the Root Certificate all the different types of communication???

[jamitupya]

Ehmm... Are you using the Root Certificate all the different types of communication???

 

 

 

Not in Production, but i've found this the easiest way for people who are learning to get the idea. I'd go in and generate a Web Server Certificate against the CA even in lab but we cant be expected to think for everybody can we?

 

 

EDIT: Peter, What would you put in there? Let me know i'll update....no issues with that :-)

[Peter van der Woude]

Well... My honest opinion is that if somebody wants to test SCCM they should run in Mixed Mode...

 

That doesn't mean that you (we) shouldn't make Installation Guides for setting up Certificate Services, but it does mean (at least for me) that when you make a guide for Certificate Services you should do it "good". I think that when somebody wants to setup SCCM in Native Mode they should be an advanced user allready and they should know about Certificate Services.

 

I would at least mention the basic Certificates as described here: http://technet.microsoft.com/en-us/library/cc872789.aspx

 

Keep up the good work!

[jamitupya]

i 100% agree with you Peter :-)

 

this wasn't aimed at running SCCM in Native mode, this is something i threw together quickly as a place to start.....

 

Running Native mode has its own headaches as we are all aware of and this was a lab guide to get people thinking about certificates....

 

i will update later, or early next week with a cleaner way to do it....

[anyweb]

great work, and thanks for the guidance as well Peter,

 

I have a PKI guide in the works, coming soon, i would like both of you to go through it and offer feedback once published,

 

cheers

niall

[Steven Hammer]

Great Demo. Thanks a lot.