Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Certificate Services

Posted on 2014-01-17
5
Medium Priority
?
299 Views
Last Modified: 2014-01-20
I will admin, certificate services is something I never fully understood in all the years of managing a windows environment and classes. I need some guidance. We have VMWare that uses VCenter. The VCenter needs 4 or 5 certificates installed. Rather than pay $1,000 for a public certificate authority, I think all I need is an internal Certificate server (none of these services are traversing the Internet, just in-house). I never setup a certificate server before. I just need a server to issue a certificate for my VMWare server. Do I install a CA?, standalone root? or do you have to do both? Also, when you install this do the users and computers automatically get incorporated into the server or do that have to be "activated". I don't want to have all these issues popping up right after I install the server. Thanks!
0
Comment
Question by:jsgrosskopf
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 18

Accepted Solution

by:
irweazelwallis earned 2000 total points
ID: 39792712
If you have a windows Domain then its worth looking at.

The recommend setup is a two tier PKI.
A standalone root CA that is not on the domain and then a subordinate Enterprise CA that actually does the signing.

If you look at this technet article is details out all the steps for setting it up. Its what i go back to to check stuff

http://blogs.technet.com/b/xdot509/archive/2013/03/22/installing-a-two-tier-pki-hierarchy-in-windows-server-2012-wrap-up.aspx

As for the User and computers being automatically incorporated the answer is no.
You need to setup up auto enrollment policies for gives users or computers certificates

Have a look through this to explain auto enrollment
http://morgansimonsen.wordpress.com/2013/06/25/active-directory-domain-controllers-and-certificate-auto-enrollment/

You would probably need to basic VM's so if that won't cost too much then go for it. If not have a look at Go Daddy or something cheap
0
 

Author Comment

by:jsgrosskopf
ID: 39794311
Wow, thanks for the tip. It looks complicated, plus I'll need another server to setup outside my domain, which I don't have right now. It's starting to look like cost is going to be a wash, new server for stand alone vs. getting 4 certs from godaddy or somewhere else. Thanks again
0
 
LVL 18

Expert Comment

by:irweazelwallis
ID: 39794383
do you have any virtual hosts - hyper-v or ESX as if you configure correctly you just build on the network, don't add to the domain and then make it offline
0
 

Author Comment

by:jsgrosskopf
ID: 39794481
I do and will do that but Can do it with just an enterprise Root CA only. Do I have to have a standalone root CA?
0
 
LVL 18

Expert Comment

by:irweazelwallis
ID: 39794540
You can just do one tier its not a problem. I do that in my test labs.

Also always good to state recommended practices and then caveat for what gets done usually.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
In this Micro Tutorial viewers will learn how to use Windows Server Backup to create full image of their system. Tutorial shows how to install Windows Server Backup Feature on Windows 2012R2 and how to configure scheduled Bare Metal Recovery backup.…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question