Certificate Services

I will admit, certificate services is something I never fully understood in all the years of managing a Windows environment and classes. I need some guidance. We have VMware that uses vCenter. The vCenter needs 4 or 5 certificates installed. Rather than pay $1,000 for a public certificate authority, I think all I need is an internal certificate server (none of these services are traversing the Internet, just in-house). I have never set up a certificate server before. I just need a server to issue a certificate for my VMware server. Do I install a CA, a standalone root, or do you have to do both? Also, when you install this, do the users and computers automatically get incorporated into the server or do they have to be "activated"? I don't want to have all these issues popping up right after I install the server. Thanks!
Asked by: jsgrosskopf

Chris Commented:
If you have a Windows domain then it's worth looking at.

The recommended setup is a two-tier PKI.
A standalone root CA that is not on the domain and then a subordinate Enterprise CA that actually does the signing.

If you look at this TechNet article, it details all the steps for setting it up. It's what I go back to to check stuff.

http://blogs.technet.com/b/xdot509/archive/2013/03/22/installing-a-two-tier-pki-hierarchy-in-windows-server-2012-wrap-up.aspx

As for the users and computers being automatically incorporated, the answer is no.
You need to set up auto-enrollment policies for giving users or computers certificates.

Have a look through this to explain auto enrollment
http://morgansimonsen.wordpress.com/2013/06/25/active-directory-domain-controllers-and-certificate-auto-enrollment/

You would probably need two basic VMs, so if that won't cost too much then go for it. If not, have a look at Go Daddy or something cheap.
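
The CA types discussed in this answer, as an added example that is not part of the original post or the linked TechNet article: a PowerShell script that installs the AD CS role as the offline standalone root, the domain-joined enterprise subordinate, or a single-tier enterprise root. The CA common names, key sizes, validity periods and the `C:\pki` path are assumptions chosen for illustration.

```powershell
# Added example: names, key sizes, lifetimes and C:\pki are illustrative assumptions.
# Run elevated on the server that will hold the chosen role.
param(
    [Parameter(Mandatory)]
    [ValidateSet('OfflineRoot', 'IssuingCA', 'SingleTier')]
    [string]$Role
)
$ErrorActionPreference = 'Stop'

# The AD CS role binaries are the same for every CA type.
Install-WindowsFeature -Name ADCS-Cert-Authority -IncludeManagementTools | Out-Null

switch ($Role) {
    'OfflineRoot' {
        # Tier 1: workgroup (not domain-joined) server. It signs only the
        # issuing CA's certificate and is then kept powered off.
        Install-AdcsCertificationAuthority -CAType StandaloneRootCA `
            -CACommonName 'Example Root CA' -KeyLength 4096 `
            -HashAlgorithmName SHA256 -ValidityPeriod Years `
            -ValidityPeriodUnits 20 -Force
        # Long CRL lifetime so clients can still validate the chain
        # while the root is offline.
        certutil -setreg CA\CRLPeriodUnits 52
        certutil -setreg CA\CRLPeriod Weeks
        Restart-Service -Name certsvc
        certutil -crl   # publish a fresh CRL to copy to the issuing CA
    }
    'IssuingCA' {
        # Tier 2: domain-joined server, run as an Enterprise Admin.
        # The service stays stopped until the root-signed certificate is installed.
        New-Item -ItemType Directory -Path 'C:\pki' -Force | Out-Null
        Install-AdcsCertificationAuthority -CAType EnterpriseSubordinateCA `
            -CACommonName 'Example Issuing CA' -KeyLength 2048 `
            -HashAlgorithmName SHA256 `
            -OutputCertRequestFile 'C:\pki\issuing-ca.req' -Force
    }
    'SingleTier' {
        # One-tier alternative from the thread: a domain-joined enterprise root
        # that both anchors trust and issues certificates. The root key lives
        # on an online server, so this trades key protection for simplicity.
        Install-AdcsCertificationAuthority -CAType EnterpriseRootCA `
            -CACommonName 'Example Enterprise Root CA' -KeyLength 4096 `
            -HashAlgorithmName SHA256 -ValidityPeriod Years `
            -ValidityPeriodUnits 10 -Force
    }
}
```

After the `IssuingCA` step, the request file is copied to the root, signed there, and the returned certificate installed (for example with `certutil -installcert`) before the issuing CA's service will start.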

jsgrosskopf (IS Manager, Author) Commented:
Wow, thanks for the tip. It looks complicated, plus I'll need another server to set up outside my domain, which I don't have right now. It's starting to look like cost is going to be a wash, new server for standalone vs. getting 4 certs from GoDaddy or somewhere else. Thanks again.

Chris Commented:
Do you have any virtual hosts (Hyper-V or ESX)? If you configure it correctly, you just build it on the network, don't add it to the domain, and then make it offline.

jsgrosskopf (IS Manager, Author) Commented:
I do and will do that, but can I do it with just an enterprise root CA only? Do I have to have a standalone root CA?

Chris Commented:
You can just do one tier; it's not a problem. I do that in my test labs.

Also always good to state recommended practices and then caveat for what gets done usually.