Thursday, 30 May 2013

Certificate Services Installing CA

The preferred method

Microsoft best practice is to install a standalone root CA with an enterprise subordinate CA. The standalone root CA can then be isolated offline for enhanced security while the subordinate takes over issuing certificates.

The following videos give a short demo of installing two CAs using Server 2003 … it is a good starting point for his 2008 videos.

Microsoft CA 1 of 2 - Setup Standalone Root

Microsoft CA 2 of 2 - Enterprise Subordinate

The following video gives a short demo of CA autoenrollment using Server 2003.

Microsoft CA - Autoenrollment Step-by-Step

In reality a single tier

While it is best practice to have two CAs … see above … in many instances you may only have one server at your disposal.

Single-tier PKI: one CA that does all the issuing of certificates, aimed at small businesses of up to 300.

Certificate Services 2008 R2 - Installing a Single Tier PKI

SSL in depth

Certificate Services 2008 1 of 4 - Installing a Microsoft CA

Certificate Services 2008 2 of 4 - Implementing a SSL Certificate

Certificate Services 2008 3 of 4 - Binding the SSL Certificate

Certificate Services 2008 4 of 4 - SSL Under the hood

 

Certificate Services 2008 1 of 2 - Autoenrollment (concept)

Certificate Services 2008 2 of 2 - Autoenrollment Step By Step

Windows CA 2008 and IE10 Error

When messing around with Certificate Services on Windows Server 2008 R2 and trying to connect to the CA’s certsrv folder in the browser I got the error:

“The Web Browser does not support the generation of certificate requests”

The problem is related to IE 10; if I switch to compatibility mode no problem.

TechNet: Windows PKI Blog

News and information for public key infrastructure (PKI) and Active Directory Certificate Services (AD CS) professionals.

Hyper-V VMs continually shutting down

I have an issue with my Virtual Machines (VMs) shutting down after a short period. It would appear to be related to the operating system expiring.

Happens with Windows Server 2008 VMs … Windows 7 VMs appear to be okay.

One solution is rearming from the command prompt with

slmgr.vbs -rearm

The post I got the fix from mentioned that this would reoccur in about 5 days.

I suspect that the VMs will have to be rearmed every time they are reverted. A small annoyance in a test environment but in a production environment … where is your licence!!

Monday, 20 May 2013

Using Certificates for IPsec Authentication

In a previous post, IPsec Overview, there is an example of securing Telnet with IPsec. This link to a TechNet video takes the Telnet example further by using certificates for IPsec authentication.

TechNet Video: Using Certificates for IPsec Authentication

IPsec Overview

Overview of IPsec

Useful overview of IPsec with an example of setup using Group Policy.

I have included a link to the contributor's YouTube site.

IT Free Training MCITP 70-640