Differences between revisions 20 and 35 (spanning 15 versions)
Revision 20 as of 2021-10-21 17:54:41
Size: 2203
Editor: scot
Comment:
Revision 35 as of 2022-11-17 18:37:12
Size: 2011
Editor: scot
Comment:
Deletions are marked like this. Additions are marked like this.
Line 4: Line 4:
 1. Install a AD Certificate server on CPTE230A.  1. Install a AD Certificate server on CPTR230A.
Line 6: Line 6:
 1. Install IIS with an X.508 certificate for your default site on CPTE230A
    1. Install IIS 10 (include the management service)
    1. See [[https://docs.microsoft.com/en-us/iis/manage/remote-administration/remote-administration-for-iis-manager|remote administration]] docs. You will need to install the remote IIS manager tool see: [[https://www.microsoft.com/en-us/download/details.aspx?id=41177|here]].
    1. If not installed on the Windows Client, install IIS management Console.
 1. Install IIS with an X.508 certificate for your default site on CPTR230A
    1. Install IIS Latest (include the management service)
    1. Optionally [[IISInstallCertificateFromCommandLine]]. If you take this option, you will complete everything but the next item, which you do need!
    1. See [[https://docs.microsoft.com/en-us/iis/manage/remote-administration/remote-administration-for-iis-manager|remote administration]] docs.
Line 12: Line 12:
    1. Make sure to use your full hostname for the common name. E.g. I used "cpte230b.scot.anderson.internal"
    1. Copy the file CPTE230A.
    1. Make sure to use your full hostname for the common name. E.g. I used "cptr230a.scot.internal"
Line 23: Line 22:


Line 29: Line 31:

CPTE 230B (192.168.1.3)
Line 33: Line 32:

Note we will be installing a webservice on CPTE 230 B in the next lab.

Lab 07

Perform the following

  1. Install a AD Certificate server on CPTR230A.
    1. I used all defaults for my AD Certificate server as a Enterprise Root CA.
  2. Install IIS with an X.508 certificate for your default site on CPTR230A
    1. Install IIS Latest (include the management service)
    2. Optionally IISInstallCertificateFromCommandLine. If you take this option, you will complete everything but the next item, which you do need!

    3. See remote administration docs.

    4. With the Server selected in the navigation pane, double click the Server Certificates icon in the central details pane.
    5. Click on: Create a Certificate Request... in the action pane.
    6. Make sure to use your full hostname for the common name. E.g. I used "cptr230a.scot.internal"
    7. From a command prompt type: certreq -submit -attrib “CertificateTemplate:WebServer” “C:\...\cert.req” This will create a file containing you certificate to install.

    8. Copy the certificate file to your CPTE230B machine.
    9. Click on "Complete Certificate Request..."
    10. Select the certificate file you copied from CPTE230A
      1. Choose type as Web Hosting.
  3. Click on your default web site to bind the certificate to your website.
    1. Click on Bindings, and click on ADD
    2. Add a binding for https and select the certificate that you just imported.

Document the new services for each server on a new page named services I.e.

Services Installed:

CPTE230A (192.168.1.2)

  • AD Certificate Authority
  • IIS (With SSL Certificate from AD Cert. Auth.)

Video Grade Guide

Topics

Points

Video shows the Certificate Server and certificates issued on CPTE230A

30

Video shows a website showing certificate, and that it is trusted by your browser.

60

Video talks through the documentation

10

WindowsAdministration/Lab07WebServerInstall (last edited 2024-10-31 18:24:29 by scot)