Wednesday, 10 August 2011

Trust me, I'm a Certification Authority.The joy of certificates - Part 3

I thought it would be instructive to install a Certification Authority (CA henceforth) using Windows 2008, I might do a windows 2003 CA if I'm bored one of these days, and show how to run a secure website with client authentication via certificates.

I have a brand new VM with Windows 2008 R8 datacentre edition installed that has been joined to my domain. Start the Server Manager:

When you select CA web enrollment, you'll get the following popup:

From here on, simply accept the defaults until you get to the last screen:

You can see that the CA certificate has been installed to the Local Computer Trusted CAs:

You can now create certificates by visiting http://localhost/certsrv

That's really it for a CA. In order to make this useful, your other servers will need to trust this CA, which you can do by hitting the Download a CA certificate, certificate chain, or CRL link:

You'll be prompted to save the certificate to a file, I accepted the default certnew.cer. You can now install this certificate in another server so this CA is trusted.

So, logged in to the remote server, double click on certnew.cer

 You can now drag and drop the certificate to the Local Computer Trusted Root Authority Store

Now we can install a certificate from this CA on our web server. See the next post for details on how to do this.

No comments:

Post a Comment