• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 431
  • Last Modified:

Windows 2008 CA Setup

Here is my situation. My boss wants us to move towards two factor authentication for laptop users who use VPN to access the network. Currently, we have a Sonicwall SSL-VPN 2000 appliance which provides our VPN access. Our plan is to set up a simple Windows CA server and use smart cards which will authenticate with this CA and allow VPN access. Last week, I installed the CA role on a VM which is running Windows 2008 R2 SP1. However, I am having quite a time setting up the CA since this is my first rodeo dealing with certificates and CAs.

First question is where would I find the server.crt. I thought my public and private key pairs were created during the creation of the CA role, but I cannot find these keys or certificates. Secondly, what is the best way to set up a Windows CA? If I need to, I will uninstall the current CA role and start over.

Your thoughts and answers are appreciated. Thanks.
0
thef284
Asked:
thef284
2 Solutions
 
vahiidCommented:
On your CA if you go to http(s):\\localhost\certsrv you will be able to download a CA certificate, certificate chain, or CRL if that is what you mean by server.crt.

If you're looking for best Practice recommendation: 2-tier CA hierarchy, take a look at this link here: http://www.networksteve.com/forum/topic.php/Best_Practice_recommendation:_2-tier_CA_hierarchy_-_Windows_Serv/?TopicId=6491&Posts=5

0
 
e_aravindCommented:
IMO

On the CA servers, mmc --> certificates --> local sever --> Personal
You should see some certificates related to that CA

On the same certificates consoles --> other tab...you can find the root-certs for this CA.

Note:
Just uninstalling the "AD integrated CA" server is not sufficient
You need to clean-up the AD to remove the old stuffs @ the AD to get a cleaner setup.

Related Links:
How to decommission a Windows enterprise certification authority and how to remove all related objects from Windows Server 2003 and from Windows Server 2000
http://support.microsoft.com/kb/889250

How to remove manually Enterprise Windows Certificate Authority from Windows 2000/2003 Domain
http://support.microsoft.com/kb/555151
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now