Differences between revisions 22 and 33 (spanning 11 versions)
Revision 22 as of 2021-10-21 20:11:07
Size: 2431
Editor: scot
Comment:
Revision 33 as of 2022-11-03 18:42:05
Size: 2118
Editor: scot
Comment:
Deletions are marked like this. Additions are marked like this.
Line 7: Line 7:
    1. Install IIS 10 (include the management service)
    1. See [[https://docs.microsoft.com/en-us/iis/manage/remote-administration/remote-administration-for-iis-manager|remote administration]] docs.
    1. If not installed on the Windows Client, install IIS management Console from [[https://www.microsoft.com/en-us/download/details.aspx?id=41177|here]].
       a. Although this is nice to have on hand, you will have to use the GUI installed on the server (along with the feature on demand: AppCompatibility see [[https://docs.microsoft.com/en-us/windows-server/get-started/server-core-app-compatibility-feature-on-demand|here]]
    1. Install IIS Latest (include the management service)
    1. Optionally [[IISInstallCertificateFromCommandLine]]. If you take this option, you will complete everything but the next item, which you do need!
    1. See [[https://docs.microsoft.com/en-us/iis/manage/remote-administration/remote-administration-for-iis-manager|remote administration]] docs.
Line 13: Line 12:
    1. Make sure to use your full hostname for the common name. E.g. I used "cpte230b.scot.anderson.internal"     1. Make sure to use your full hostname for the common name. E.g. I used "cpte230b.scot.internal"
Line 33: Line 32:

CPTE 230B (192.168.1.3)

Lab 07

Perform the following

  1. Install a AD Certificate server on CPTE230A.
    1. I used all defaults for my AD Certificate server as a Enterprise Root CA.
  2. Install IIS with an X.508 certificate for your default site on CPTE230A
    1. Install IIS Latest (include the management service)
    2. Optionally IISInstallCertificateFromCommandLine. If you take this option, you will complete everything but the next item, which you do need!

    3. See remote administration docs.

    4. With the Server selected in the navigation pane, double click the Server Certificates icon in the central details pane.
    5. Click on: Create a Certificate Request... in the action pane.
    6. Make sure to use your full hostname for the common name. E.g. I used "cpte230b.scot.internal"
    7. Copy the file CPTE230A.
    8. From a command prompt type: certreq -submit -attrib “CertificateTemplate:WebServer” “C:\...\cert.req” This will create a file containing you certificate to install.

    9. Copy the certificate file to your CPTE230B machine.
    10. Click on "Complete Certificate Request..."
    11. Select the certificate file you copied from CPTE230A
      1. Choose type as Web Hosting.
  3. Click on your default web site to bind the certificate to your website.
    1. Click on Bindings, and click on ADD
    2. Add a binding for https and select the certificate that you just imported.

Document the new services for each server on a new page named services I.e.

Services Installed:

CPTE230A (192.168.1.2)

  • AD Certificate Authority
  • IIS (With SSL Certificate from AD Cert. Auth.)

Note we will be installing a webservice on CPTE 230 B in the next lab.

Video Grade Guide

Topics

Points

Video shows the Certificate Server and certificates issued on CPTE230A

30

Video shows a website showing certificate, and that it is trusted by your browser.

60

Video talks through the documentation

10

WindowsAdministration/Lab07WebServerInstall (last edited 2024-10-31 18:24:29 by scot)