Differences between revisions 11 and 43 (spanning 32 versions)
Revision 11 as of 2017-10-03 21:25:36
Size: 1770
Editor: scot
Comment:
Revision 43 as of 2024-10-31 18:24:29
Size: 2295
Editor: scot
Comment:
Deletions are marked like this. Additions are marked like this.
Line 4: Line 4:
 1. Use the videos in this section to Install a AD Certificate server on CPTE230A.
 1. Use the videos in this section to Install IIS with an X.508 certificate for your default site on CPTE230B
 1. Use the videos in this section and course lecture notes to Create and deploy a Movies site using Windows Authentication (make sure to disable anonymous access). Use the following information to connect to the database:
 1. Install a AD Certificate server on CPTR230A.
    1. I used all defaults for configuring my AD Certificate server as a Enterprise Root CA. If you haven't done this step, look at the server management console and click on the Yellow Triangle and click on configure your certificate authority link.
 1. Install IIS with an X.509 certificate for your default site on CPTR230A
    1. Install IIS Latest (include the management service)
    1. Using IIS Admin Console: With the Server selected in the navigation pane, double click the Server Certificates icon in the central details pane.
    1. Click on: "Create Domain Certificate..." in the action pane.
    1. Make sure to use your full hostname for the common name. E.g. I used "cptr230a.scot.internal"
 1. Click on your default web site to bind the certificate to your website.
    1. Click on Bindings, and click on ADD
    1. Add a binding for https and select the certificate that you just created.
Line 8: Line 15:
   1. Server: {{{cs446.cs.southern.edu}}}
   1. Database: {{{MyMovies}}}
   1. Username (SQL): {{{cpte230}}}
   1. Password: {{{Hello123Passwordcpte230}}}
   1. Make a group called {{{MovieEditors}}} that is allowed to delete items from the movies application and do not put the dra user in it.
   1. Make sure only {{{MovieEditors}}} can edit or delete movies. Allow any authenticated user can add or view the list.
   1. Require the site to use SSL
{{{#!wiki comment
    1. '''Only if you are using Core''' - [[IISInstallCertificateFromCommandLine]]. If you take this option, you will complete everything but the next item, which you do need!
    1. '''Only if you are using Core''' - See [[https://docs.microsoft.com/en-us/iis/manage/remote-administration/remote-administration-for-iis-manager|remote administration]] docs.
    1. From a command prompt type: certreq -submit -attrib “CertificateTemplate:WebServer” “C:\...\cert.req”
       1. This will create a file containing you certificate to install.
    1. Copy the certificate file to your CPTE230B machine.
    1. Click on "Complete Certificate Request..."
    1. Select the certificate file you copied from CPTE230A
       1. Choose type as Web Hosting.
}}}
Line 16: Line 26:
Note: You will need to add the "Application Server Role" and the "{{{WinRM}}}" feature to IIS server.
Line 21: Line 32:
CPTE230A (192.168.X.2) CPTE230A (192.168.1.2)
Line 23: Line 34:
 * AD DS Server
Line 25: Line 35:

CPTE 230B (192.168.X.3)
Line 29: Line 36:
 * Movies Web Application using Windows Authentication
  * Site requires SSL
  * Only {{{MovieEditors}}} can change or delete movies. Authenticated users can add or view movies.
Line 35: Line 39:
||Video shows the Certificate Server and certificates issued on CPTE230A ||30 ||
||Video shows a complete use of the Movies website with both success and failures of edits using appropriate logins. ||60 ||
||Video shows the Certificate Server and certificates issued on CPTR230A ||30 ||
||Video shows a website showing certificate, and that it is trusted by your browser. ||60 ||

Lab 07

Perform the following

  1. Install a AD Certificate server on CPTR230A.
    1. I used all defaults for configuring my AD Certificate server as a Enterprise Root CA. If you haven't done this step, look at the server management console and click on the Yellow Triangle and click on configure your certificate authority link.
  2. Install IIS with an X.509 certificate for your default site on CPTR230A
    1. Install IIS Latest (include the management service)
    2. Using IIS Admin Console: With the Server selected in the navigation pane, double click the Server Certificates icon in the central details pane.
    3. Click on: "Create Domain Certificate..." in the action pane.
    4. Make sure to use your full hostname for the common name. E.g. I used "cptr230a.scot.internal"
  3. Click on your default web site to bind the certificate to your website.
    1. Click on Bindings, and click on ADD
    2. Add a binding for https and select the certificate that you just created.

Document the new services for each server on a new page named services I.e.

Services Installed:

CPTE230A (192.168.1.2)

  • AD Certificate Authority
  • IIS (With SSL Certificate from AD Cert. Auth.)

Video Grade Guide

Topics

Points

Video shows the Certificate Server and certificates issued on CPTR230A

30

Video shows a website showing certificate, and that it is trusted by your browser.

60

Video talks through the documentation

10

WindowsAdministration/Lab07WebServerInstall (last edited 2024-10-31 18:24:29 by scot)