Differences between revisions 7 and 26 (spanning 19 versions)
Revision 7 as of 2016-08-21 15:01:34
Size: 2489
Editor: scot
Comment:
Revision 26 as of 2021-10-27 20:15:55
Size: 2817
Editor: scot
Comment:
Deletions are marked like this. Additions are marked like this.
Line 2: Line 2:
Perform the following on your Domain Controller and IIS server. This should be on CPTE230A (Your first Windows Server) and CPTE230B (Your Member Server). Perform the following
Line 4: Line 4:
 1. Use the videos in this section to Install a AD Certificate server on CPTE230A.
 1. Use the videos in this section to Install a certificate for your default site on CPTE230B
 1. Use the videos in this section and course lecture notes to Create and deploy a Movies site using Windows Authentication (make sure to disable anonymous access). Use the following information to connect to the database:
 1. Install a AD Certificate server on CPTE230A.
    1. I used all defaults for my AD Certificate server as a Enterprise Root CA.
 1. Install IIS with an X.508 certificate for your default site on CPTE230A
    1. Install IIS 10 (include the management service)
    1. See [[https://docs.microsoft.com/en-us/iis/manage/remote-administration/remote-administration-for-iis-manager|remote administration]] docs.
    1. If not installed on the Windows Client, install IIS management Console from [[https://www.microsoft.com/en-us/download/details.aspx?id=41177|here]].
       a. Although this is nice to have on hand, and we will use it later, you will have to use the GUI installed on the server (along with the feature on demand: !AppCompatibility see [[https://docs.microsoft.com/en-us/windows-server/get-started/server-core-app-compatibility-feature-on-demand|here]]) NOTE: If you get errors installing server-core-app-compatibility-feature-on-demand, make sure to install updates, without these we have experienced repeated failures.
       a. Remember that even with the !AppCompatibilty package installed, you do not have the ability to use a file browser. Do not use the ellipses to select a file or the MMC will crash.
    1. With the Server selected in the navigation pane, double click the Server Certificates icon in the central details pane.
    1. Click on: Create a Certificate Request... in the action pane.
    1. Make sure to use your full hostname for the common name. E.g. I used "cpte230b.scot.anderson.internal"
    1. Copy the file CPTE230A.
    1. From a command prompt type: {{{certreq -submit -attrib “CertificateTemplate:WebServer” “C:\...\cert.req”}}} This will create a file containing you certificate to install.
    1. Copy the certificate file to your CPTE230B machine.
    1. Click on "Complete Certificate Request..."
    1. Select the certificate file you copied from CPTE230A
       1. Choose type as Web Hosting.
 1. Click on your default web site to bind the certificate to your website.
    1. Click on Bindings, and click on ADD
    1. Add a binding for https and select the certificate that you just imported.
Line 8: Line 25:
---- /!\ '''Edit conflict - other version:''' ----
 1. Server: {{{cs446.cs.southern.edu}}}
 1. Database: {{{MyMovies}}}
 1. Username (SQL): {{{cpte230}}}
 1. Password: {{{Hello123Passwordcpte230}}}
 1. Make a group called {{{MovieEditors}}} that is allowed to delete items from the movies application and do not put the dra user in it.
 1. Make sure only {{{MovieEditors}}} can edit or delete movies. Allow any authenticated user can add or view the list.
 1. Require the site to use SSL
Line 17: Line 26:
---- /!\ '''Edit conflict - your version:''' ----
   1. Server: {{{cs446.cs.southern.edu}}}
   1. Database: {{{MyMovies}}}
   1. Username (SQL): {{{cpte230}}}
   1. Password: {{{Hello123Passwordcpte230}}}
   1. Make a group called {{{MovieEditors}}} that is allowed to delete items from the movies application and do not put the dra user in it.
   1. Make sure only {{{MovieEditors}}} can edit or delete movies. Allow any authenticated user can add or view the list.
   1. Require the site to use SSL
Line 26: Line 27:
---- /!\ '''End of edit conflict''' ----

Note: You will need to add the "Application Server Role" and the "{{{WinRM}}}" feature to the CPTE230B computer.
Line 33: Line 31:
CPTE265A (192.168.X.2) CPTE230A (192.168.1.2)
Line 35: Line 33:
 * AD DS Server
Line 38: Line 35:
CPTE 265B (192.168.X.3) CPTE 230B (192.168.1.3)
Line 41: Line 38:
 * Movies Web Application using Windows Authentication
  * Site requires SSL
  * Only {{{MovieEditors}}} can change or delete movies. Authenticated users can add or view movies.

Note we will be installing a webservice on CPTE 230 B in the next lab.
Line 47: Line 43:
||Video shows the Certificate Server and certificates issued on CPTE265A ||30 ||
||Video shows a complete use of the Movies website with both success and failures of edits using appropriate logins. ||60 ||
||Video shows the Certificate Server and certificates issued on CPTE230A ||30 ||
||Video shows a website showing certificate, and that it is trusted by your browser. ||60 ||

Lab 07

Perform the following

  1. Install a AD Certificate server on CPTE230A.
    1. I used all defaults for my AD Certificate server as a Enterprise Root CA.
  2. Install IIS with an X.508 certificate for your default site on CPTE230A
    1. Install IIS 10 (include the management service)
    2. See remote administration docs.

    3. If not installed on the Windows Client, install IIS management Console from here.

      1. Although this is nice to have on hand, and we will use it later, you will have to use the GUI installed on the server (along with the feature on demand: AppCompatibility see here) NOTE: If you get errors installing server-core-app-compatibility-feature-on-demand, make sure to install updates, without these we have experienced repeated failures.

      2. Remember that even with the AppCompatibilty package installed, you do not have the ability to use a file browser. Do not use the ellipses to select a file or the MMC will crash.

    4. With the Server selected in the navigation pane, double click the Server Certificates icon in the central details pane.
    5. Click on: Create a Certificate Request... in the action pane.
    6. Make sure to use your full hostname for the common name. E.g. I used "cpte230b.scot.anderson.internal"
    7. Copy the file CPTE230A.
    8. From a command prompt type: certreq -submit -attrib “CertificateTemplate:WebServer” “C:\...\cert.req” This will create a file containing you certificate to install.

    9. Copy the certificate file to your CPTE230B machine.
    10. Click on "Complete Certificate Request..."
    11. Select the certificate file you copied from CPTE230A
      1. Choose type as Web Hosting.
  3. Click on your default web site to bind the certificate to your website.
    1. Click on Bindings, and click on ADD
    2. Add a binding for https and select the certificate that you just imported.

Document the new services for each server on a new page named services I.e.

Services Installed:

CPTE230A (192.168.1.2)

  • AD Certificate Authority

CPTE 230B (192.168.1.3)

  • IIS (With SSL Certificate from AD Cert. Auth.)

Note we will be installing a webservice on CPTE 230 B in the next lab.

Video Grade Guide

Topics

Points

Video shows the Certificate Server and certificates issued on CPTE230A

30

Video shows a website showing certificate, and that it is trusted by your browser.

60

Video talks through the documentation

10

WindowsAdministration/Lab07WebServerInstall (last edited 2024-10-31 18:24:29 by scot)