How to Install, Configure, and Test Certificate Services in a Windows Server 2012 R2 Domain

An organization can use certificates for several reasons, such as ensuring that only the intended recipients can read the data sent. This document shows, in a Windows Server 2012 R2 domain, the viewing of web pages that are protected by certificates and those that are not.

Reviewing the Configuration

Review network configuration.

Verify IP address, subnet mask, Preferred DNS, and name of the Windows Server 2012 R2 computer: 172.16.150.10, 255.255.255.0, 172.16.150.10, w12r2a10

Verify IP address, subnet mask, Preferred DNS, and name of the Windows 7 computer: 172.16.150.15, 255.255.255.0, 172.16.150.10, w7a15.

Review domain configuration.

Verify that the Windows Server 2012 R2 computer named w12r2a10 is configured to host the domain kim.com, Passworda10.

Verify the Windows 7 client, named w7a15, is configured as a kim.com domain member.

Verify that you have created a domain user named raja.

Installing, Configuring, and Verifying AD Certificate Services

Install Active Directory Certificate Services.

Use the default settings on a machine named W12r2a10, which is hosting domain kim.com.

Keep the installation progress window open.

Configure Active Directory Certificate Services.

Click Configure Active Directory Certificate Services on the destination server when the blue installation progress bar is at 100%. This action displays the credential window.

Click Next to display role services.

Click the checkbox next to the Certification Authority and click Next.

Click Next several times to accept all the defaults and display the confirmation.

Click Configure to display the results, verify that there is a green circle with a white check mark, and click Close twice.

Verify Active Directory Certificate Services.

Open Administrative Tools and double click on the Certification Authority.

Expand Kim-W12R2A10-CA and click Issued Certificates.

If the list is empty, right-click the white area and click Refresh.

Reboot the domain controller if the list is still empty after the refresh.

After the reboot, display the issued certificate, scroll the right panel, and review it.

Note that w12r2a10.kim.com is listed under Issued Common Name.

Installing and Browsing Web Server (IIS)

Install Web Server (IIS).

Use the default settings when installing IIS on the machine named W12r2a10, which is hosting domain kim.com.

Keep the installation progress window open.

Click Close when the blue installation progress bar is 100%.

Browse the web server (IIS).

Open Administrative Tools.

Double click on Internet Information Services Manager.

Expand W12r2a10 (KIM\…) and expand Sites.

Click Default Web Site and then click Bindings under Actions.

Click Add.

Click on the dropdown menu under Type and choose https.

Click the dropdown under SSL certificate, where you will see the certificate for the certification server, kim-w12r2a10-CA, and the domain (web server) certificate, w12r2a10.kim.com.

Click Cancel to close the dialog.

Displaying Domain Member Certificate Configuration

Check the certificate on the domain member.

Log on to the domain from w7a15 as user raja. Configure IE to use http://w12r2a10.kim.com as your homepage.

Close IE and restart it to display your homepage.

Go to IE, Tools, Internet Options, Content, Certificates and click all the tabs to see their lists.

Notice that the Certification Authority server, kim-w12r2a10-CA, has an entry in Intermediate Certification Authorities and Trusted Root Certification Authorities.

Note that Personal is empty. Why? Because domain user raja did not make a request.

Go to IE, Tools, Internet Options, Content, Publishers, and click all the tabs.

Notice that the Certification Authority server, kim-w12r2a10-CA, has an entry in Intermediate Certification Authorities and Trusted Root Certification Authorities.

Notice that Personal is also empty here.

Why is a certificate entry in Trusted Root Certification Authorities, kim-w12r2a10-CA, important? This means that the server is trusted by the member client; specifically, the client can display https pages if the web server is configured to serve them.

Use https to display your homepage on w7a15.

Note that even though the server and client have a certificate, https does not work.

Keep in mind that this does not work because port 443 is not configured.

Applying and Verifying Secure Socket Layer (SSL)

Configure SSL.

Go to Administrative Tools on the domain controller.

Double click Internet Information Services Manager and expand w12r2a10 (KIM\…).

Expand Sites.

Click No if you are prompted about Microsoft Web Platform.

Click Default Web Site and click Bindings under Actions.

Click Add.

Click the dropdown menu under Type and select https.

Click the dropdown menu under SSL certificate, where you will see the certificate for the certificate server, kim-w12r2a10-CA, and the Domain (Web server), w12r2a10.kim.com.

Click OK.

Notice that https is now listed in Site Bindings.

Click Close.

Note that the server is now configured for https access.

Verify SSL.

Log on to the domain from w7a15 as user raja.

Display your homepage on w7a15 using https.

Note that it works, since the server is configured to serve https pages.

Note also that, even though raja does not have a certificate, the https page is displayed, for these reasons:

w7a15, which raja is using, has a certificate issued by the enterprise CA, kim-w12r2a10-CA; specifically, there is now a trust between the domain controller and w7a15.

SSL is configured, but it is not being enforced.
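
The checks above can also be run from PowerShell on the web server. The following is an added example, not part of the original walkthrough: it reports whether Default Web Site has an https binding, which certificate and issuer are bound to it, and whether "Require SSL" is set (the "configured but not enforced" state). It assumes an elevated session with the WebAdministration module available; the function name Get-HttpsBindingReport is hypothetical.

```powershell
# Added example: audit the https binding created in "Configure SSL".
# Run in an elevated PowerShell session on the IIS server (w12r2a10 in this walkthrough).
Import-Module WebAdministration

function Get-HttpsBindingReport {   # hypothetical helper name, not an IIS cmdlet
    param([string]$SiteName = 'Default Web Site')

    # Site-level "Require SSL" setting; without the Ssl flag, plain http requests are still served.
    $raw = Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
        -Location $SiteName -Filter 'system.webServer/security/access' -Name 'sslFlags'
    $sslFlags = if ($raw -is [string]) { $raw } else { [string]$raw.Value }
    $requireSsl = ($sslFlags -split ',' | ForEach-Object { $_.Trim() }) -contains 'Ssl'

    $bindings = @(Get-WebBinding -Name $SiteName -Protocol 'https')
    if ($bindings.Count -eq 0) {
        # No port 443 binding: the state in which https failed earlier in the walkthrough.
        return [pscustomobject]@{ Site = $SiteName; Binding = $null; Subject = $null
            Issuer = $null; NotAfter = $null; ChainValid = $false; RequireSsl = $requireSsl }
    }

    foreach ($b in $bindings) {
        $cert = $null
        if ($b.certificateHash) {
            # certificateHash is the thumbprint; certificateStoreName is the LocalMachine store.
            $path = "Cert:\LocalMachine\$($b.certificateStoreName)\$($b.certificateHash)"
            $cert = Get-Item -Path $path -ErrorAction SilentlyContinue
        }
        [pscustomobject]@{
            Site       = $SiteName
            Binding    = $b.bindingInformation                       # e.g. *:443:
            Subject    = if ($cert) { $cert.Subject } else { $null }
            Issuer     = if ($cert) { $cert.Issuer } else { $null }  # expect the enterprise CA
            NotAfter   = if ($cert) { $cert.NotAfter } else { $null }
            ChainValid = if ($cert) { $cert.Verify() } else { $false }
            RequireSsl = $requireSsl
        }
    }
}

Get-HttpsBindingReport | Format-List
```

A RequireSsl value of False alongside a valid binding matches the final state of this walkthrough: https works, but http is still accepted.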


Creative Commons License