Solved

Creating and issuing a Certificate in Windows 2008.

Posted on 2011-09-15
4
332 Views
Last Modified: 2012-05-12
My Certificate Services servers are in place and ready to create and issue certificates.
I am using the 2 tier approach to Certificate Services.
I have created my stand-alone ROOTCA and my Issuing Certificate Services Server in my domain.
My RootCA has been published to AD with certutil -dspublish and I have added it as well to my trusted ROOTCA's for my domain with a GPO.
I have duplicated my Computer Template and set it up ready to issue certificates after I create them.
I have created a GPO that will be used to issue certificates after I create them.

What are the Best Practices Steps for creating our own certificate to be applied to an application server and the users/workstations that will access it?
0
Comment
Question by:lanman777
  • 2
  • 2
4 Comments
 
LVL 39

Accepted Solution

by:
Adam Brown earned 500 total points
ID: 36544260
Well, if you had an Enterprise Root CA, you could configure Autoenrollment for the certificates and not have to worry about issuing and deploying the certificates. Autoenroll isn't possible with a Stand Alone CA, though. At any rate, the steps required for creating a certificate vary depending on the purpose of the Certificate. If you are using IPSec to secure communications between the Application server and workstations, you would Enroll/generate a certificate for each system individually using the certificate services web page (https://servername/certsrv), which is a great deal of work. If you are securing a Web application with an SSL certificate, you need only generate a Certificate Signing Request from IIS and then generate a response using the Certificate Services Web page. Client machines do not need certificates to connect to an SSL partner. There are a lot of different scenarios for certificates, so if possible, could you elaborate on what you need to have the certificates for?
0
 

Author Comment

by:lanman777
ID: 36545048
I need and IIS certificate.

Thanks!
0
 
LVL 39

Expert Comment

by:Adam Brown
ID: 36545062
Okay. Which version of Windows is running the IIS site?
0
 

Author Comment

by:lanman777
ID: 36545281
Windows 2003 x64 SP2 and 2003 Standard SP2.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question