Post on 08-Apr-2017
WELCOME TO MY
PRESENTATION
Presented by: Presented to:
Name: XID: M-110303031Jagannath University, Dhaka-1100
Project ConsultantNetworking TechnologyJagannath University, Dhaka-1100
PRESENTATION ON
DEPLOY AND CONFIGURE AN ENTERPRISE ROOT CA
AND SUBORDINATE CA
ENTERPRISE ROOT CA
An enterprise root CA is certificate server that has signed its own certificate, is installed on a computer that is a member of the domain, and can issue certificates based on templates stored in Active Directory.
The Advantage of Enterprise Root CA Is TO :
We can configure issuance policies based on Active Directory properties. This means that an enterprise CA can automatically issue a specific type of certificate to a user, computer, or service without requiring the manual approval of an administrator.
Enterprise root CAs are suitable for organizations with fewer than 300 users who only need a single CA and do not need to deploy a complex CA hierarchy
PRE-REQUISITE TO CONFIGURE ENTERPRISE
ROOT CA
On Domain Controller Install the Active Directory Certificate Service
INSTALL THE ACTIVE DIRECTORY
CERTIFICATE SERVICES ROLE
Open Server Manager→Manage →Add Roles and Features
Select a Server from the server pool and then click next.
Select the Active Directory Certificate Services and then click next.
Select the role services to install for Active Directory Certificate Services and click next.
Select the role services to install for Web Server(IIS) and click next.
To install the following roles, roles services on this server and click install
Successfully completed installation progress and then close
Configure Active Directory Certificate Services .
On the AD CS Configuration Wizard ensure that the EUROPE\administrator is selected.
Now select Role Services to configure and click next
On the setup type page select Enterprise CA and click next.
Specify the name of the CA and then click next.
TO configure the following roles and features and click configure.
Select the Certificate Enrollment Web Service and Certificate Enrollment Policy Web Service and click next
Select the CA name for certificate Enrollment Web Services and then click next
Ensure that Windows Integrated Authentication is selected and click next.
For specifying a Server Authentication Certificate, click europe-EUROPEMACHINE-CA and click next
Successfully configured Certificate Enrollment Web Service and Certificate Enrollment Policy Web Service and click close
Enterprise Subordinate CA
An enterprise subordinate CA can obtain its signing certificate from a standalone root CA or an enterprise root CA. Enterprise subordinate CAs are able to issue certificates based on certificate templates that are stored in Active Directory.
Pre-requisite to Configure Enterprise Subordinate CA Join a server to a Enterprise Root CA
Domain Controller. Install AD CS Role.
Sign in to Europe Client as europe\administrator with password PTTC$123
Open Server Manager → Manage →Add Roles and Features
Select a Server from the server pool and then click next.
Select the Active Directory Certificate Services and then click next
Select the Certificate Authority to install the AD CS and click next
Configure AD CS on this Server
Specify credential to configure role services and click next.
Select Enterprise Root CA and click next
Select Subordinate CA and click next
Request a certificate from Parent CA and click next
TO configure the following roles and features and click configure.
AD CS Has been configured successfully and click close.
Server Manager Tools Certification Authority
Right click on europe-EUROPECM-CA and click properties
On the General tab and click Certificate#0 and click view certificate
Verify the certificate is issued by Europe-EUROPEMACHINE-CA and valid Date.
THANKS TOALL