Differences between revisions 12 and 42 (spanning 30 versions)
Revision 12 as of 2017-10-11 18:18:12
Size: 1967
Editor: scot
Comment:
Revision 42 as of 2023-11-02 19:30:29
Size: 2295
Editor: scot
Comment:
Deletions are marked like this. Additions are marked like this.
Line 4: Line 4:
 1. Install a AD Certificate server on CPTE230A.
    1. I used all defaults for my AD Certificate server as a Enterprise Root CA.
 1. Install IIS with an X.508 certificate for your default site on CPTE230B
    1. Install IIS 10
    1. With the Server selected in the navigation pane, double click the Server Certificates icon in the central details pane.
    1. Click on: Create a Certificate Request... in the action pane.
    1. Make sure to use your full hostname for the common name. E.g. I used "cpte230b.scot.anderson.internal"
    1. Copy the file CPTE230A.
    1. From a command prompt type: {{{certreq -submit -attrib “CertificateTemplate:WebServer” “C:\...\cert.req”}}} This will create a file containing you certificate to install. 		 1. Install a AD Certificate server on CPTR230A.
    1. I used all defaults for configuring my AD Certificate server as a Enterprise Root CA. If you haven't done this step, look at the server management console and click on the Yellow Triangle and click on configure your certificate authority link.
 1. Install IIS with an X.509 certificate for your default site on CPTR230A
    1. Install IIS Latest (include the management service)
    1. Using IIS Admin Console: With the Server selected in the navigation pane, double click the Server Certificates icon in the central details pane.
    1. Click on: "Create Domain Certificate..." in the action pane.
    1. Make sure to use your full hostname for the common name. E.g. I used "cptr230a.scot.internal"
 1. Click on your default web site to bind the certificate to your website.
    1. Click on Bindings, and click on ADD
    1. Add a binding for https and select the certificate that you just created.

{{{#!wiki comment
    1. '''Only if you are using Core''' - [[IISInstallCertificateFromCommandLine]]. If you take this option, you will complete everything but the next item, which you do need!
    1. '''Only if you are using Core''' - See [[https://docs.microsoft.com/en-us/iis/manage/remote-administration/remote-administration-for-iis-manager|remote administration]] docs.
    1. From a command prompt type: certreq -submit -attrib “CertificateTemplate:WebServer” “C:\...\cert.req”
       1. This will create a file containing you certificate to install.
Line 17: Line 24:
 1. Click on your default web site to bind the certificate to your website.
    1. Click on Bindings, and click on ADD
    1. Add a binding for https and select the certificate that you just imported. 		}}}
Line 24: Line 32:
CPTE230A (192.168.X.2) CPTE230A (192.168.1.2)
Line 26: Line 34:
 * AD DS Server
Line 28: Line 35:

CPTE 230B (192.168.X.3)
Line 32: Line 36:
 * Movies Web Application using Windows Authentication
  * Site requires SSL
  * Only {{{MovieEditors}}} can change or delete movies. Authenticated users can add or view movies.
Line 39: Line 40:
||Video shows a complete use of the Movies website with both success and failures of edits using appropriate logins. ||60 || ||Video shows a website showing certificate, and that it is trusted by your browser. ||60 ||

Lab 07

Perform the following

  1. Install a AD Certificate server on CPTR230A.
    1. I used all defaults for configuring my AD Certificate server as a Enterprise Root CA. If you haven't done this step, look at the server management console and click on the Yellow Triangle and click on configure your certificate authority link.
  2. Install IIS with an X.509 certificate for your default site on CPTR230A
    1. Install IIS Latest (include the management service)
    2. Using IIS Admin Console: With the Server selected in the navigation pane, double click the Server Certificates icon in the central details pane.
    3. Click on: "Create Domain Certificate..." in the action pane.
    4. Make sure to use your full hostname for the common name. E.g. I used "cptr230a.scot.internal"
  3. Click on your default web site to bind the certificate to your website.
    1. Click on Bindings, and click on ADD
    2. Add a binding for https and select the certificate that you just created.

Document the new services for each server on a new page named services I.e.

Services Installed:

CPTE230A (192.168.1.2)

  • AD Certificate Authority
  • IIS (With SSL Certificate from AD Cert. Auth.)

Video Grade Guide

Topics

Points

Video shows the Certificate Server and certificates issued on CPTE230A

30

Video shows a website showing certificate, and that it is trusted by your browser.

60

Video talks through the documentation

10

WindowsAdministration/Lab07WebServerInstall (last edited 2023-11-02 19:30:29 by scot)