Steve Harris
asked on
Certificate Authority (building)
I am going to be building a CA on a VM and the Microsoft documentation I have found seems out-dated.
What is the recommended platform for this, I have found having an offline one that is the root and then subordinates to issue the certificates as the idea. This seems really intensive.
I really just need one to issue certificates to devices/users for VPN items and HTTPS certificates for SCCM later. Nothing to intensive.
Does anyone have a good method to get one up and running quickly?
What is the recommended platform for this, I have found having an offline one that is the root and then subordinates to issue the certificates as the idea. This seems really intensive.
I really just need one to issue certificates to devices/users for VPN items and HTTPS certificates for SCCM later. Nothing to intensive.
Does anyone have a good method to get one up and running quickly?
ASKER
@Coolie Ok that is a document I found and tried. I have a VM up and running off that one, but I am not sure it is working properly.
You can search AD and see what it says is your Certification Authority. This lets you know that you installed it correctly:
https://support.microsoft.com/en-us/help/555529
And if you want to test it out, you can follow the steps below to see if its working correctly.
https://www.wikihow.com/Install,-Configure,-and-Test-Certificate-Services-in-a-Windows-Server-2012-R2-Domain
https://support.microsoft.com/en-us/help/555529
And if you want to test it out, you can follow the steps below to see if its working correctly.
https://www.wikihow.com/Install,-Configure,-and-Test-Certificate-Services-in-a-Windows-Server-2012-R2-Domain
ASKER
OK, so I did Option 1 & 2 and I don't see it on there: yet I followed the guide. Any ideas or should I just try to rebuild again?
Option 1:
Name: "IFM-CA"
Organizational Unit: ""
Organization: ""
Locality: ""
State: ""
Country/region: ""
Config: "CA.IFM\IFM-CA"
Exchange Certificate: ""
Signature Certificate: "CA.IFM_IFM-CA.crt"
Description: ""
Server: "CA.IFM"
Authority: "IFM-CA"
Sanitized Name: "IFM-CA"
Short Name: "IFM-CA"
Sanitized Short Name: "IFM-CA"
Flags: "13"
Web Enrollment Servers: ""
CertUtil: -dump command completed successfully.
Option 2:
1. Logon by using domain administrator to computer that connect to the
domain.
2. Install Windows Support Tools.
3. Go to "Start" -> "Run" -> Write "adsiedit.msc" and press on "Enter" button.
4. Navigate to:
CN=Certification Authorities,CN=Public Key
Services,CN=Services,CN=Co nfiguratio n,DC=ntdom ain,DC=com
Under "Certification Authorities" you will find your Enterprise Root Certificate Autority server.
Option 1:
Name: "IFM-CA"
Organizational Unit: ""
Organization: ""
Locality: ""
State: ""
Country/region: ""
Config: "CA.IFM\IFM-CA"
Exchange Certificate: ""
Signature Certificate: "CA.IFM_IFM-CA.crt"
Description: ""
Server: "CA.IFM"
Authority: "IFM-CA"
Sanitized Name: "IFM-CA"
Short Name: "IFM-CA"
Sanitized Short Name: "IFM-CA"
Flags: "13"
Web Enrollment Servers: ""
CertUtil: -dump command completed successfully.
Option 2:
1. Logon by using domain administrator to computer that connect to the
domain.
2. Install Windows Support Tools.
3. Go to "Start" -> "Run" -> Write "adsiedit.msc" and press on "Enter" button.
4. Navigate to:
CN=Certification Authorities,CN=Public Key
Services,CN=Services,CN=Co
Under "Certification Authorities" you will find your Enterprise Root Certificate Autority server.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
@Adam I do see it there, so that is a plus. Though I dont see it in ADSI
https://docs.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/server-certs/install-the-certification-authority
That's current and will get you up and running