Installing an Enterprise Subordinate Certification Authority

In this exercise, you will install an enterprise subordinate CA by using an existing root CA.

Instructions

Ensure the 2823_DC2 and 2823_Server1 virtual machines are started.

Perform tasks from the 2823_Server1 virtual machine as the user Chris Gray unless otherwise directed. Chris Gray's username is [email protected] and his password is [email protected] Chris Gray does not have any administrative rights. Perform all administrative tasks by using the RUNAS command or the secondary logon service. When performing administrative tasks, use the username [email protected] and the password [email protected]

Scenario

You are installing an enterprise subordinate certification authority (CA) for Coho Winery. The CA will chain to an existing root CA. The 2823_DC2 virtual machine is configured as a standalone root CA and will function as the existing root CA. For the purpose of this exercise, you will configure the 2823_Server1 virtual machine as a member of the cohowinery.com domain. You will install Certificate Services on the 2823_Server1 virtual machine by enrolling for a CA certificate using the Certificate Services Installation Wizard. You will then transport the certificate request to the commercial root CA where the certificate will be issued. The issued certificate will be exported and used to complete the installation of the subordinate CA.

Tasks

Detailed steps

1. Configure the 2823 Server1 virtual machine to use 192.168.1.201 as the primary DNS server, and then join the 2823 Server1 virtual machine to the cohowinery.com domain.

a. Log on to the 2823 Serverl virtual machine as Administrator using the user name Administrator and the password [email protected]

b. Set the primary DNS server to 192.168.1.201.

c. Join the cohowinery.com domain. When prompted, use the user name cgray and the password [email protected]

d. When prompted, restart the 2823 Server1 virtual machine. Ensure that you do not close the Virtual PC window.

e. Log on to the 2823 Server1 virtual machine as Chris Gray. Use the user name [email protected] and the password [email protected]

2. Install Certificate Services as an enterprise subordinate CA on the 2823_Server1 virtual machine.

■ Install Certificate Services on the 2823 Server1 virtual machine using the following parameters. Leave all unspecified settings at their default values.

• CA type: Enterprise Subordinate CA

• Common name for this CA CohoWinerySubCA

• Certificate request: Save to the default file

• Windows source files location: \\dc2\setup\i386

(continued)

Tasks

Detailed steps

3. Use the certificate request file to issue the new certificate to 2823 Server1.

a. Use the Certification Authority console to connect to the 2823 DC2 virtual machine. The name of the 2823 DC2 virtual machine is dc2.cohowinery. com.

b. Using the Certification Authority Console, import the certificate request, and issue the CA certificate.

c. Export the certificate you just issued as a DER encoded file, and store it in on the 2823 Server1 virtual machine. Name the file CohoWinery SubCA.cer.

4. Configure the subordinate CA to use the certificate that was issued by the root CA.

a. On the 2823 Server1 virtual machine, install the CA certificate.

b. On the 2823 Server1 virtual machine, start the Certificate Services service.

5. Verify the CA has started and is operational.

a. Open Certification Authority.

b. Right-click CohoWinerySubCA, and then click Properties.

c. In the CohoWinerySubCA properties dialog box, select Certificate #0, and then click View Certificate.

d. In the Certificate dialog box, click the Details tab and review the values of each field.

e. In the Certificate dialog box, click the Certificate Path tab, and then click CohoWineryRootCA.

f. Ensure that the Certificate Status contains This certificate is OK.

g. Click OK to close the Certificate dialog box.

h. Click OK to close the CohoVineyardCA Properties.

i. Close all administrative tools.

6. Complete the lab exercise.

a. Close all programs and log off all virtual machines.

b. Close all virtual machines. Do not save changes.

Was this article helpful?

0 0
Outsource Explosion

Outsource Explosion

There will come a day in your business (if it hasn't already arrived) when you realise that you only have two hands and 24 hours in a day. What I mean is you can't do everything that your business needs yourself. If you try to do everything yourself your business will at best grind to a halt, and at worst, GO UNDER. Take a look RIGHT NOW at the successful marketers around you - the millionaires, the gurus and the market leaders.

Get My Free Ebook


Post a comment