Windows 2012 R2 Certification Authority installation guide

This step-by-step guide explains how to install and configure a public key infrastructure, based on:

Windows 2. R2 Server Core – offline Root CA

Windows 2. R2 domain controller

Windows 2012 R2 Standard edition – Subordinate Enterprise CA server

Offline Root CA – OS installation phase
Boot the server using Windows 2. R2 bootable DVD.

From the installation option, choose “Windows Server 2. R2 Standard (Server Core Installation)” -> click Next.

Accept the license agreement -> click Next.

Choose “Custom: Install Windows Only (Advanced)” installation type -> specify the hard drive to install the operating system -> click Next.

Allow the installation phase to continue and restart the server automatically.

To log in to the server for the first time, press CTRL+ALT+DELETE.

Choose the “Administrator” account -> click OK to replace the account password -> specify a complex password and confirm it -> press Enter -> press OK.

From the command prompt window, run the command below:

    sconfig

Press “2” to replace the computer name -> specify the new computer name -> click “Yes” to restart the server.

To log in to the server, press CTRL+ALT+DELETE -> specify the “Administrator” account credentials.

From the command prompt window, run the command below:

    sconfig

Press “5” to configure “Windows Update Settings” -> select “A” for automatic -> click OK.

Press “6” to download and install Windows Updates -> choose “A” to search for all updates -> choose “A” to download and install all updates -> click “Yes” to restart the server.

To log in to the server, press CTRL+ALT+DELETE -> specify the “Administrator” account credentials.

From the command prompt window, run the command below:

    sconfig

In case you need to use RDP to access and manage the server, press “7” to enable “Remote Desktop” -> choose “E” to enable -> choose either “1” or “2” according to your client settings -> press OK.
Press “8” to configure “Network settings” -> select the network adapter by its Index number -> press “1” to configure the IP settings -> choose “S” for static IP address -> specify the IP address, subnet mask and default gateway -> press “2” to configure the DNS servers -> click OK -> press “4” to return to the main menu.

Press “9” to configure “Date and Time” -> choose the correct “date/time” and “time zone” -> click OK.

Press “1. Yes” to restart the server.

To log in to the server, press CTRL+ALT+DELETE -> specify the “Administrator” account credentials.

From the command prompt window, run the command below:

    powershell

Run the commands below to enable remote management of the Root CA:

    Enable-NetFirewallRule -DisplayGroup "Remote Service Management"

Note: The above command should be written in a single line.

    Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

Offline Root CA – Certificate Authority server installation phase

To log in to the server, press CTRL+ALT+DELETE -> specify the “Administrator” account credentials.

From the command prompt window, run the command below:

    powershell

Run the command below to create the CA policy file:

    notepad c:\windows\capolicy.

Specify the following data inside the capolicy.

    [Version]
    Signature="$Windows NT$"
    [Certsrv_Server]
    RenewalKeyLength=4. 09.
    RenewalValidityPeriod=Years
    RenewalValidityPeriodUnits=20
    CRLPeriod=Weeks
    CRLPeriodUnits=2.
    CRLDeltaPeriod=Days
    CRLDeltaPeriodUnits=0
    LoadDefaultTemplates=0
    AlternateSignatureAlgorithm=1
    [PolicyStatementExtension]
    Policies=LegalPolicy
    [LegalPolicy]
    OID=1.
    Notice="Legal Policy Statement"
    URL=http://www/CertEnroll/cps.asp

Run the commands below to install Certification Authority using PowerShell:

    Import-Module ServerManager
    Add-WindowsFeature ADCS-Cert-Authority -IncludeManagementTools

Note: The above command should be written in a single line.

Run the command below to install the Root CA:

    Install-AdcsCertificationAuthority -CAType StandaloneRootCA -KeyLength 4. -HashAlgorithmName SHA2. -ValidityPeriod Years -ValidityPeriodUnits 20 -CACommonName <CA_Server_Name> -CryptoProviderName "RSA#Microsoft Software Key Storage Provider"

Note 1: The above command should be written in a single line.

Note 2: Replace “CA_Server_Name” with the Root CA NetBIOS name.

Run the command below to remove all default CRL Distribution Points (CDP):

    $crllist = Get-CACrlDistributionPoint; foreach ($crl in $crllist) {Remove-CACrlDistributionPoint $crl.Uri -Force};

Note: The above command should be written in a single line.

Run the commands below to configure the new CRL Distribution Point (CDP):

    Add-CACRLDistributionPoint -Uri C:\Windows\System. CertSrv\CertEnroll\%3%8. -PublishToServer -Force

Note: The above command should be written in a single line.

    Add-CACRLDistributionPoint -Uri http://www/CertEnroll/%3%8.crl -AddToCertificateCDP -Force

Note: The above command should be written in a single line.

Run the command below to remove all default Authority Information Access (AIA) entries:

    $aialist = Get-CAAuthorityInformationAccess; foreach ($aia in $aialist) {Remove-CAAuthorityInformationAccess $aia.Uri -Force};

Note: The above command should be written in a single line.

Run the command below to configure the new Authority Information Access (AIA):

    Add-CAAuthorityInformationAccess -AddToCertificateAia -uri http://www/CertEnroll/%1_%3.crt

Note: The above command should be written in a single line.

Run the commands below to configure the Root CA settings:

    certutil.exe -setreg CA\CRLPeriodUnits 2.
    certutil.exe -setreg CA\CRLPeriod "Weeks"
    certutil.exe -setreg CA\CRLDeltaPeriodUnits 0
    certutil.exe -setreg CA\CRLDeltaPeriod "Days"
    certutil.exe -setreg CA\CRLOverlapPeriodUnits 12
    certutil.exe -setreg CA\CRLOverlapPeriod "Hours"
    certutil.exe -setreg CA\ValidityPeriodUnits 20
    certutil.exe -setreg CA\ValidityPeriod "Years"
    certutil.exe -setreg CA\KeySize 4. 09.
    certutil.exe -setreg CA\AuditFilter 1.
Run the commands below from the command line to configure the Offline Root CA to publish in Active Directory:

    certutil.exe -setreg CA\DSConfigDN "CN=Configuration,DC=mycompany,DC=com"

Note 1: The above command should be written in a single line.

Note 2: Replace “DC=mycompany,DC=com” according to your domain name.

    certutil.exe -setreg CA\DSDomainDN "DC=mycompany,DC=com"

Note: Replace “DC=mycompany,DC=com” according to your domain name.

Run the command below to restart the CertSvc service:

    Restart-Service certsvc

Run the command below to publish new CRLs:

    certutil.exe -CRL

Enterprise Subordinate CA – OS installation phase

Pre-requirements:

Active Directory (Forest functional level – Windows 2. R2)

Add an “A” record for the Root CA to the Active Directory DNS.

Boot the server using Windows 2. R2 bootable DVD.

From the installation option, choose “Windows Server 2. R2 Standard (Server with a GUI)” -> click Next.

Accept the license agreement -> click Next.

Choose “Custom: Install Windows Only (Advanced)” installation type -> specify the hard drive to install the operating system -> click Next.

Allow the installation phase to continue and restart the server automatically.

To log in to the server for the first time, press CTRL+ALT+DELETE.

Choose the “Administrator” account -> click OK to replace the account password -> specify a complex password and confirm it -> press Enter -> press OK.

From the “Welcome to Server Manager”, click on “Configure this local server” -> replace the “Computer name” -> restart the server.

From the “Welcome to Server Manager”, click on “Configure this local server” -> click on Ethernet -> right click on the network interface -> properties -> configure a static IP address.

Enable “Remote Desktop”.

From the command prompt window, run the command below:

    powershell

Run the commands below to enable remote management of the Root CA:

    Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

Enterprise Subordinate CA – Certificate Authority server installation phase
Pre-requirements:

DNS CNAME record named “www” for the Enterprise Subordinate CA.

Make sure the clocks of the Offline Root CA and the Subordinate CA are synchronized.

To log in to the server, press CTRL+ALT+DELETE -> specify the credentials of an account that is a member of “Schema Admins”, “Enterprise Admins” and “Domain Admins”.

Copy the files below from the Offline Root CA server to a temporary folder on the subordinate CA:

    C:\Windows\System. CertSrv\CertEnroll\*.
    C:\Windows\System. CertSrv\CertEnroll\*.

[Solved] Event ID: 4. CAPI2 - Multiple entries in.

In the eventlog of my fresh Win 7 SP1 6. I find multiple entries for the above error:

"Failed auto update retrieval of third-party root certificate from: <http://ctldl. F4xxxxxxxxxxxxxxxxxxxxxxxxxxxx. Error: 12029 (0x. Failed auto update retrieval of third-party root certificate from: <http://ctldl. F4xxxxxxxxxxxxxxxxxxxxxxxxxxxx. Error: This network connection does not exist."

The event is logged each day several times (see screenshot at <http://abload. There is definitely *no* problem with my network connection and when I paste the URL <http://ctldl. F4xxxxxxxxxxxxxxxxxxxxxxxxxxxx. I'm asked to install Microsoft Root Certificate Authority 2. How can I fix this error?