2815
Comment:
|
← Revision 43 as of 2024-10-31 18:24:29 ⇥
2295
|
Deletions are marked like this. | Additions are marked like this. |
Line 4: | Line 4: |
1. Install a AD Certificate server on CPTE230A. 1. I used all defaults for my AD Certificate server as a Enterprise Root CA. 1. Install IIS with an X.508 certificate for your default site on CPTE230A 1. Install IIS 10 (include the management service) 1. See [[https://docs.microsoft.com/en-us/iis/manage/remote-administration/remote-administration-for-iis-manager|remote administration]] docs. 1. If not installed on the Windows Client, install IIS management Console from [[https://www.microsoft.com/en-us/download/details.aspx?id=41177|here]]. a. Although this is nice to have on hand, and we will use it later, you will have to use the GUI installed on the server (along with the feature on demand: AppCompatibility see [[https://docs.microsoft.com/en-us/windows-server/get-started/server-core-app-compatibility-feature-on-demand|here]]) NOTE: If you get errors installing server-core-app-compatibility-feature-on-demand, make sure to install updates, without these we have experienced repeated failures. a. Remember that even with the AppCompatibilty package installed, you do not have the ability to use a file browser. Do not use the ellipses to select a file or the MMC will crash. 1. With the Server selected in the navigation pane, double click the Server Certificates icon in the central details pane. 1. Click on: Create a Certificate Request... in the action pane. 1. Make sure to use your full hostname for the common name. E.g. I used "cpte230b.scot.anderson.internal" 1. Copy the file CPTE230A. 1. From a command prompt type: {{{certreq -submit -attrib “CertificateTemplate:WebServer” “C:\...\cert.req”}}} This will create a file containing you certificate to install. |
1. Install a AD Certificate server on CPTR230A. 1. I used all defaults for configuring my AD Certificate server as a Enterprise Root CA. If you haven't done this step, look at the server management console and click on the Yellow Triangle and click on configure your certificate authority link. 1. Install IIS with an X.509 certificate for your default site on CPTR230A 1. Install IIS Latest (include the management service) 1. Using IIS Admin Console: With the Server selected in the navigation pane, double click the Server Certificates icon in the central details pane. 1. Click on: "Create Domain Certificate..." in the action pane. 1. Make sure to use your full hostname for the common name. E.g. I used "cptr230a.scot.internal" 1. Click on your default web site to bind the certificate to your website. 1. Click on Bindings, and click on ADD 1. Add a binding for https and select the certificate that you just created. {{{#!wiki comment 1. '''Only if you are using Core''' - [[IISInstallCertificateFromCommandLine]]. If you take this option, you will complete everything but the next item, which you do need! 1. '''Only if you are using Core''' - See [[https://docs.microsoft.com/en-us/iis/manage/remote-administration/remote-administration-for-iis-manager|remote administration]] docs. 1. From a command prompt type: certreq -submit -attrib “CertificateTemplate:WebServer” “C:\...\cert.req” 1. This will create a file containing you certificate to install. |
Line 21: | Line 24: |
1. Click on your default web site to bind the certificate to your website. 1. Click on Bindings, and click on ADD 1. Add a binding for https and select the certificate that you just imported. |
}}} |
Line 34: | Line 35: |
CPTE 230B (192.168.1.3) |
|
Line 38: | Line 36: |
Note we will be installing a webservice on CPTE 230 B in the next lab. |
|
Line 43: | Line 39: |
||Video shows the Certificate Server and certificates issued on CPTE230A ||30 || | ||Video shows the Certificate Server and certificates issued on CPTR230A ||30 || |
Lab 07
Perform the following
- Install a AD Certificate server on CPTR230A.
- I used all defaults for configuring my AD Certificate server as a Enterprise Root CA. If you haven't done this step, look at the server management console and click on the Yellow Triangle and click on configure your certificate authority link.
- Install IIS with an X.509 certificate for your default site on CPTR230A
- Install IIS Latest (include the management service)
- Using IIS Admin Console: With the Server selected in the navigation pane, double click the Server Certificates icon in the central details pane.
- Click on: "Create Domain Certificate..." in the action pane.
- Make sure to use your full hostname for the common name. E.g. I used "cptr230a.scot.internal"
- Click on your default web site to bind the certificate to your website.
- Click on Bindings, and click on ADD
- Add a binding for https and select the certificate that you just created.
Document the new services for each server on a new page named services I.e.
Services Installed:
CPTE230A (192.168.1.2)
- AD Certificate Authority
- IIS (With SSL Certificate from AD Cert. Auth.)
Video Grade Guide
Topics |
Points |
Video shows the Certificate Server and certificates issued on CPTR230A |
30 |
Video shows a website showing certificate, and that it is trusted by your browser. |
60 |
Video talks through the documentation |
10 |