?
Solved

Creating and issuing a Certificate in Windows 2008.

Posted on 2011-09-15
4
Medium Priority
?
336 Views
Last Modified: 2012-05-12
My Certificate Services servers are in place and ready to create and issue certificates.
I am using the 2 tier approach to Certificate Services.
I have created my stand-alone ROOTCA and my Issuing Certificate Services Server in my domain.
My RootCA has been published to AD with certutil -dspublish and I have added it as well to my trusted ROOTCA's for my domain with a GPO.
I have duplicated my Computer Template and set it up ready to issue certificates after I create them.
I have created a GPO that will be used to issue certificates after I create them.

What are the Best Practices Steps for creating our own certificate to be applied to an application server and the users/workstations that will access it?
0
Comment
Question by:lanman777
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 42

Accepted Solution

by:
Adam Brown earned 2000 total points
ID: 36544260
Well, if you had an Enterprise Root CA, you could configure Autoenrollment for the certificates and not have to worry about issuing and deploying the certificates. Autoenroll isn't possible with a Stand Alone CA, though. At any rate, the steps required for creating a certificate vary depending on the purpose of the Certificate. If you are using IPSec to secure communications between the Application server and workstations, you would Enroll/generate a certificate for each system individually using the certificate services web page (https://servername/certsrv), which is a great deal of work. If you are securing a Web application with an SSL certificate, you need only generate a Certificate Signing Request from IIS and then generate a response using the Certificate Services Web page. Client machines do not need certificates to connect to an SSL partner. There are a lot of different scenarios for certificates, so if possible, could you elaborate on what you need to have the certificates for?
0
 

Author Comment

by:lanman777
ID: 36545048
I need and IIS certificate.

Thanks!
0
 
LVL 42

Expert Comment

by:Adam Brown
ID: 36545062
Okay. Which version of Windows is running the IIS site?
0
 

Author Comment

by:lanman777
ID: 36545281
Windows 2003 x64 SP2 and 2003 Standard SP2.
0

Featured Post

10 Questions to Ask when Buying Backup Software

Choosing the right backup solution for your organization can be a daunting task. To make the selection process easier, ask solution providers these 10 key questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Here's a look at newsworthy articles and community happenings during the last month.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question