Monday, May 18, 2009

Installing a certificate server

Original post

In this tutorial we will setup Certificate Services on a Windows 2003 server. I am going to use the same server as I did with the Active Directory; Windows 2003 walkthrough, so my installation will be with an already completed Active Directory Domain. If you do not have Active Directory, I recommend you do before using Certificate Services, as they do like working hand-in-hand.

First, let’s load up our server and login as the Administrator. When we are at the desktop, let’s to go Start -> Settings -> Control Panel then open ‘Add / Remove Programs’. On you’re left click on ‘Add / Remove Windows Components’. When it is fully loaded, find ‘Certificate Services’ in the list and check the checkbox next to it. A pop-up dialog will come up informing you that you cannot change the name of the machine and such when you have become an Certificate Authority, so click ‘Yes’ then click ‘Next’.

Now we are given the opportunity to choose what type of CA (Certificate Authority) we want to setup. Since this is a clean install of Windows 2003 and we don’t have any certificate servers I am going to choose the default, ‘Enterprise root CA’ and click ‘Next’.

We now have to enter Identifying Information for this CA. In the Common Name box, put a short name to describe your network or a company name, for my purposes in this document I will use Testing Walkthrough as the ‘Common name for this CA’, and click ‘Next’.

The next area you will have to configure is the Certificate Database Settings, since these are just places to store files; the defaults are good for us. Let’s continue, click ‘Next’.

Windows should start copying files, and you will probably need your Windows 2003 CD in the drive to continue.

During the copy, you may come to a popup stating that Internet Information Services is not installed on this computer, and that we will need it for Web Enrollment Support. Since I think this is usually a good system to use (Web Enrollment) lets do just that.

Click ‘Ok’ on this dialog and let Windows finish the install of Certificate Services, when it is complete you will be able to click ‘Finish’ to close the Windows Components Wizard.

You should now be back at the Add / Remove Programs window and you can once again click on ‘Add / Remove Windows Components’. In the list select Application Server (do not click the checkbox next to it) and click ‘Details’. In this second box choose ‘Internet Information Services (IIS) and it will choose ‘Enable network COM+ access’ for you. Click ‘Ok’ then click ‘Next’ on the Windows Component Wizard. Windows will now copy files from the CD and finish that installation.

Once the Window that is installing the components disappears you can close any other windows that are open, and return to the Desktop.

Let’s check our settings now…

Open; Start -> Programs -> Administrative Tools

You should have some new items! Internet Information Services and Certification Authority.

Open Certification Authority. On the left you will have the normal tree view, click on the item you named your CA when setting up the CA. Mine was ‘Testing Walkthrough’ under here you should have a ‘folder’ called ‘Issued Certificates’, click on it and on the right you should have at least one issued to the CA itself.

Most of what the Certificate Server does it automated through IIS and Active Directory. So, your job is done. Close all Windows and logout.


No comments:

Post a Comment