URL: https://jay-miah.co.uk/index.php/install-certificate-services-on-windows-server-2022/
 * December 17, 2022
 * by Jay
 * Security

INSTALL CERTIFICATE SERVICES ON WINDOWS SERVER 2022

A Certificate Authority (CA) is an entity that stores, signs and issues digital
certificates. A digital certificate certifies the ownership of a public key by
the named subject of the certificate. This allows others to rely upon signatures
made with the private key that corresponds to the certified public key.

Microsoft’s Certification Authority is based on Public Key Infrastructure. The
Active Directory Certificate Services role can be deployed on most Windows
Server operating systems and provides the ability to act as an Enterprise or
Standalone Root CA.

A Windows Root CA server is very useful for many applications. For example,
when deploying 802.1X with certificate-based authentication, or EAP-TLS for
wireless 802.1X, a Windows Server provides the ability to enrol and
automatically distribute certificates to endpoints with ease through Microsoft
Group Policy.

A CA server can also be used to sign certificates for servers, network devices
and security devices within an internal organisation. Certificate-based
authentication is considered one of the most secure methods, as it uses a public
key and a private key to encrypt and decrypt data.

In this basic step-by-step guide, we will install the Active Directory
Certificate Services role and configure it.

A fresh virtual instance of Windows Server 2022 has been installed. The server
has been renamed, basic networking has been configured and it has been joined
to the Active Directory Domain.

Let’s get started!

INSTALL THE CERTIFICATION AUTHORITY SERVER ROLE

1. Log in to Windows Server 2022 and launch “Server Manager”



2. Click the “Manage” button and select “Add roles and features”



3. At the Wizard click “Next”



4. Select “Role-Based or Feature-based installation” and click “Next”



5. Click “Select a server from a server pool” and highlight the current server,
click “Next”



6. Tick the “Active Directory Certificate Services” box. A new window will pop
up; click “Add Features”





7. Click “Next”



8. At the features window, click “Next”, as we are not installing any
additional features



9. Read the role description and note the tasks that cannot be performed once
the CA role is installed. Click “Next”



10. From the role services list select “Certification Authority” and
“Certification Authority Web Enrollment”



Click “Add Features” at the popup for IIS installation



11. Click “Next”



12. Click “Next”



13. Click “Next”



14. Select the “Restart the destination server automatically if required” tick
box. This will allow the server to restart automatically if a reboot is required
at the end of the install. Finally click “Install”



15. Once the role is installed, click “Close”



CONFIGURE THE ROLE

1. From Server Manager click on the yellow warning message, select “Configure
Active Directory Certificate Services on this Server”



2. At the configuration wizard click “change”



3. Provide the Domain Admin user account credentials and click “OK”



4. Note the change in the “Credentials” window, click “Next”



5. Tick both role services and click “Next”



6. Select “Enterprise CA” and click “Next”



7. Select “Root CA” and click “Next”



8. Select “Create a new private key” and click “Next”



9. Leave the default values for the private key information and click “Next”



10. Specify the common name for the CA or leave as default. Click “Next”



11. Specify the CA certificate validity period. This is set to 5 years by
default and can be changed if required. Click “Next”



12. Leave the default location for storing the database files and click “Next”



13. Review the configuration and click “Configure”



14. Once configuration has successfully completed, click “Close”
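The two wizards above can also be scripted. The following is an added example, not part of the original guide: it assumes an elevated PowerShell session on the domain-joined server and keeps the guide's choices (Enterprise Root CA, new private key with default key settings, default common name, 5-year validity, default database location).

```powershell
# Added example: scripted equivalent of the "Install" and "Configure" wizards.

# --- Role install (wizard steps 1-15) ---------------------------------------
# Installs the Certification Authority and Web Enrollment role services.
# -Restart mirrors the "Restart the destination server automatically" tick box;
# if the server reboots here, re-run the configuration part afterwards.
$install = Install-WindowsFeature -Name ADCS-Cert-Authority, ADCS-Web-Enrollment `
    -IncludeManagementTools -Restart
if (-not $install.Success) { throw 'AD CS role installation failed.' }

# --- Role configuration (wizard steps 1-14) ---------------------------------
# Same account the guide supplies at the "Credentials" page (step 3).
$cred = Get-Credential -Message 'Domain Admin account for AD CS configuration'

$caParams = @{
    CAType              = 'EnterpriseRootCA'   # steps 6 and 7
    ValidityPeriod      = 'Years'              # step 11
    ValidityPeriodUnits = 5
    Credential          = $cred
    Force               = $true                # suppress the confirmation prompt
}
# Key provider, key length, hash, common name and database paths are omitted
# on purpose so the cmdlet defaults apply, as in steps 8-10 and 12.
Install-AdcsCertificationAuthority @caParams
Install-AdcsWebEnrollment -Credential $cred -Force

# --- Post-checks -------------------------------------------------------------
Get-WindowsFeature -Name ADCS-* | Select-Object Name, InstallState
Get-Service -Name CertSvc | Select-Object Name, Status
certutil -ping    # confirms the CA service answers requests
```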



CONFIGURE IIS

By default, IIS does not have HTTPS enabled for the web enrollment service. We
need to allow HTTPS connections and define a certificate for the service to use.
HTTP connections will work; however, if the CA server is accessed from another
host to request a certificate, the credentials will be sent in clear text. It is
important that we change this to use SSL.

1. Click “Start” and type “IIS Manager”



2. Expand “Server Name” – “Sites”, right click “Default Web Site” and select
“Edit Bindings”



3. Click “Add”



4. Select “https”, then from the “SSL Certificate” drop-down menu select the
server certificate that should have been generated automatically by the CA. In
this case it’s the “LNS-LNS-CA-01-CA”.

If for any reason this certificate is not yet present, one can be generated by
selecting “Create a Self-Signed Certificate” from the right-hand pane within
IIS.

Click “View” to check the contents of the certificate, then click “OK” and “OK”
to save the changes and return to the IIS window.





5. From the right-hand pane within IIS, select “Browse *:443 (https)”



6. The browser will launch with “https://localhost/certsrv” in the address
field. Click “Continue”



From the web interface, we can start requesting certificates from the CA for our
organisation. To access this portal from other devices, you can navigate to
“https://IP Address or DNS name/certsrv”
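The HTTPS binding from steps 2 to 4 can be applied and checked from PowerShell. This is an added example, not part of the original guide; the certificate name is the one from this guide's lab and must be replaced with your own. The final "Require SSL" setting goes one step beyond the procedure above, so that `/certsrv` no longer accepts the clear-text HTTP logons described at the start of this section.

```powershell
# Added example: bind a certificate to https on *:443 and require SSL for CertSrv.
Import-Module WebAdministration

$site   = 'Default Web Site'
$certCN = 'LNS-LNS-CA-01-CA'   # name from this guide's lab; substitute your own

# Find a usable certificate in the computer's Personal store:
# matching subject, private key present, not expired. Newest wins.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*CN=$certCN*" -and
                   $_.HasPrivateKey -and
                   $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) {
    throw "No valid certificate with CN=$certCN and a private key in LocalMachine\My."
}

# Steps 2-4: add the https binding if it is missing, then attach the certificate.
if (-not (Get-WebBinding -Name $site -Protocol https -Port 443)) {
    New-WebBinding -Name $site -Protocol https -Port 443 -IPAddress '*'
}
if (-not (Test-Path 'IIS:\SslBindings\0.0.0.0!443')) {
    $binding = Get-WebBinding -Name $site -Protocol https -Port 443
    $binding.AddSslCertificate($cert.Thumbprint, 'My')
}

# Extra hardening (not in the original steps): refuse plain HTTP on /certsrv.
Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
    -Location "$site/CertSrv" `
    -Filter 'system.webServer/security/access' -Name 'sslFlags' -Value 'Ssl'

# Verify: list the bindings and show which certificate answers on 443.
Get-WebBinding -Name $site | Select-Object protocol, bindingInformation
Get-ChildItem IIS:\SslBindings | Select-Object IPAddress, Port, Thumbprint
```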



Tags: CA, Certificate, Certificate Authority, Encryption, PKI, SSL