2148
Comment:
|
2011
|
Deletions are marked like this. | Additions are marked like this. |
Line 4: | Line 4: |
1. Install a AD Certificate server on CPTE230A. | 1. Install a AD Certificate server on CPTR230A. |
Line 6: | Line 6: |
1. Install IIS with an X.508 certificate for your default site on CPTE230A 1. Install IIS 10 (include the management service see [[https://www.microsoft.com/en-us/download/details.aspx?id=41177|here]]) 1. See [[https://docs.microsoft.com/en-us/iis/manage/remote-administration/remote-administration-for-iis-manager|remote administration]] docs. 1. If not installed on the Windows Client, install IIS management Console. |
1. Install IIS with an X.509 certificate for your default site on CPTR230A 1. Install IIS Latest (include the management service) 1. Optionally [[IISInstallCertificateFromCommandLine]]. If you take this option, you will complete everything but the next item, which you do need! 1. See [[https://docs.microsoft.com/en-us/iis/manage/remote-administration/remote-administration-for-iis-manager|remote administration]] docs. |
Line 12: | Line 12: |
1. Make sure to use your full hostname for the common name. E.g. I used "cpte230b.scot.anderson.internal" 1. Copy the file CPTE230A. |
1. Make sure to use your full hostname for the common name. E.g. I used "cptr230a.scot.internal" |
Line 23: | Line 22: |
Line 29: | Line 31: |
CPTE 230B (192.168.1.3) |
|
Line 33: | Line 32: |
Note we will be installing a webservice on CPTE 230 B in the next lab. |
Lab 07
Perform the following
- Install a AD Certificate server on CPTR230A.
- I used all defaults for my AD Certificate server as a Enterprise Root CA.
- Install IIS with an X.509 certificate for your default site on CPTR230A
- Install IIS Latest (include the management service)
Optionally IISInstallCertificateFromCommandLine. If you take this option, you will complete everything but the next item, which you do need!
See remote administration docs.
- With the Server selected in the navigation pane, double click the Server Certificates icon in the central details pane.
- Click on: Create a Certificate Request... in the action pane.
- Make sure to use your full hostname for the common name. E.g. I used "cptr230a.scot.internal"
From a command prompt type: certreq -submit -attrib “CertificateTemplate:WebServer” “C:\...\cert.req” This will create a file containing you certificate to install.
- Copy the certificate file to your CPTE230B machine.
- Click on "Complete Certificate Request..."
- Select the certificate file you copied from CPTE230A
- Choose type as Web Hosting.
- Click on your default web site to bind the certificate to your website.
- Click on Bindings, and click on ADD
- Add a binding for https and select the certificate that you just imported.
Document the new services for each server on a new page named services I.e.
Services Installed:
CPTE230A (192.168.1.2)
- AD Certificate Authority
- IIS (With SSL Certificate from AD Cert. Auth.)
Video Grade Guide
Topics |
Points |
Video shows the Certificate Server and certificates issued on CPTE230A |
30 |
Video shows a website showing certificate, and that it is trusted by your browser. |
60 |
Video talks through the documentation |
10 |