Solved

Creating and issuing a Certificate in Windows 2008.

Posted on 2011-09-15
4
335 Views
Last Modified: 2012-05-12
My Certificate Services servers are in place and ready to create and issue certificates.
I am using the 2 tier approach to Certificate Services.
I have created my stand-alone ROOTCA and my Issuing Certificate Services Server in my domain.
My RootCA has been published to AD with certutil -dspublish and I have added it as well to my trusted ROOTCA's for my domain with a GPO.
I have duplicated my Computer Template and set it up ready to issue certificates after I create them.
I have created a GPO that will be used to issue certificates after I create them.

What are the Best Practices Steps for creating our own certificate to be applied to an application server and the users/workstations that will access it?
0
Comment
Question by:lanman777
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 41

Accepted Solution

by:
Adam Brown earned 500 total points
ID: 36544260
Well, if you had an Enterprise Root CA, you could configure Autoenrollment for the certificates and not have to worry about issuing and deploying the certificates. Autoenroll isn't possible with a Stand Alone CA, though. At any rate, the steps required for creating a certificate vary depending on the purpose of the Certificate. If you are using IPSec to secure communications between the Application server and workstations, you would Enroll/generate a certificate for each system individually using the certificate services web page (https://servername/certsrv), which is a great deal of work. If you are securing a Web application with an SSL certificate, you need only generate a Certificate Signing Request from IIS and then generate a response using the Certificate Services Web page. Client machines do not need certificates to connect to an SSL partner. There are a lot of different scenarios for certificates, so if possible, could you elaborate on what you need to have the certificates for?
0
 

Author Comment

by:lanman777
ID: 36545048
I need and IIS certificate.

Thanks!
0
 
LVL 41

Expert Comment

by:Adam Brown
ID: 36545062
Okay. Which version of Windows is running the IIS site?
0
 

Author Comment

by:lanman777
ID: 36545281
Windows 2003 x64 SP2 and 2003 Standard SP2.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question