Jump to content


  • 0
jamitupya

Guide: Installing Active Directory Certificate Services

Question

This guide assumes you have completed Part 1 of this guide

 

 

Install the CA to the Trusted Root CA

Open IE on the Domain controller with the CA installed.

 

 

 

2009-12-08_171151.jpg

 

goto: http://localhost/certsrv

Click Download a CA Certificate, Certificate chain, or CRL

 

 

 

 

 

 

2009-12-08_171326.jpg

 

 

 

Click "Download CA certificate"

 

 

 

 

 

 

2009-12-08_171335.jpg

 

 

 

When Prompted, click OPEN

2009-12-08_171347.jpg

Click Install Certificate

2009-12-08_171355.jpg

When the Import Certificate Wizard Begins, Click Next

2009-12-08_171415.jpg

Click Browse and Select "Trusted Root Certificate Authorities"

2009-12-08_171422.jpg

Confirm your Settings and Click Finish

2009-12-08_171429.jpg

Finished

 

Share this post


Link to post
Share on other sites

7 answers to this question

Recommended Posts

  • 0

Assigning SSL Certificate to IIS

 

Start Internet Information Services Manager Tool

2009-12-08_171513.jpg

 

 

Navigate down to the Default Site.

 

2009-12-08_171523.jpg

 

 

Right Click Select "Edit Bindings"

2009-12-08_171532.jpg

Select HTTPS and click EDIT

2009-12-08_171551.jpg

Select your Certificate from the Drop down List - Important to note, that this is extremely dangerous in production and you should ONLY use this root CA Certificate until you request a Web Server Certificate.

Click OK and Close

2009-12-08_171610.jpg

Right Click Default Site -> Manage Web Site -> Restart to restart the web service (or reboot the DC)

 

 

Finished.

Share this post


Link to post
Share on other sites

  • 0

Ehmm... Are you using the Root Certificate all the different types of communication???

 

 

 

Not in Production, but i've found this the easiest way for people who are learning to get the idea. I'd go in and generate a Web Server Certificate against the CA even in lab but we cant be expected to think for everybody can we?

 

 

EDIT: Peter, What would you put in there? Let me know i'll update....no issues with that :-)

Share this post


Link to post
Share on other sites

  • 0

Well... My honest opinion is that if somebody wants to test SCCM they should run in Mixed Mode...

 

That doesn't mean that you (we) shouldn't make Installation Guides for setting up Certificate Services, but it does mean (at least for me) that when you make a guide for Certificate Services you should do it "good". I think that when somebody wants to setup SCCM in Native Mode they should be an advanced user allready and they should know about Certificate Services.

 

I would at least mention the basic Certificates as described here: http://technet.microsoft.com/en-us/library/cc872789.aspx

 

Keep up the good work!

Share this post


Link to post
Share on other sites

  • 0

i 100% agree with you Peter :-)

 

this wasn't aimed at running SCCM in Native mode, this is something i threw together quickly as a place to start.....

 

Running Native mode has its own headaches as we are all aware of and this was a lab guide to get people thinking about certificates....

 

i will update later, or early next week with a cleaner way to do it....

Share this post


Link to post
Share on other sites

  • 0

great work, and thanks for the guidance as well Peter,

 

I have a PKI guide in the works, coming soon, i would like both of you to go through it and offer feedback once published,

 

cheers

niall

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.