Installing Windows Certificate
|
|
|
|
| Articles Reviews Microsoft Windows | ||||||
| Written by Phil Harrison | ||||||
| Monday, 23 October 2006 | ||||||
Page 1 of 4
{mos_sb_discuss:42}
This section covers the creation of a certificate of authority server system that issues certificates and the process known as autoenrollment of certificates that automatically issues certificates to users and computers in a Windows 2003 Active Directory environment. Adding the Certificate Service to a Server The Certificate Service is the Windows service that allocates certificates to be issued to users and computers. It is nothing more than a service added to an existing Windows 2003 server system. To install the Certificate Service to a system, do the following: 1. On the server that will become your certificate server, click on Start | Settings | Control Panel. 2. Double-click on Add or Remove Programs, and then click on Add/Remove Windows Components. 3. Select the check box for Certificate Services. The warning note that pops up will inform you that once you install Certificate Services on this system, you cannot change the server name or domain membership. Assuming you are okay with this, click Yes to continue. 4. If you have not installed IIS Web Services on this system yet, in the Windows Components screen, highlight Application Server and click on Details. 5. Select the Internet Information Services (IIS) check box, and then click OK. Then click Next to begin the installation of the Certificate Services and IIS components. 6. Assuming this is the first certificate server in your environment, choose Enterprise Root CA for the type of certificate of authority server, and then click Next. 7. For the common name for this CA, enter a name. Typically, the name of the server is selected; however, a distinguishable name such as xyzCertServer (where xyz is a short name of the company) can help identify the certificate server in the future. 8. Leave the Distinguished Name Suffix and the Validity Period as is. The CA Identifying Information page should look similar to what is shown in Figure 1. Then click Next. Figure 1. Certificate identifying information settings. 
9. Click Next through the defaults of the Certificate Database Settings page (click Yes through the warning that IIS must be temporarily stopped). Click Finish after the installation of the component files has been completed. |
||||||
| Last Updated ( Saturday, 07 July 2007 ) | ||||||
Beyond the complexity of users having to perform critical system tasks to enable and access secured information, the security provided by these article methods is not even that good. A simple compromise of a shared key can invalidate the security of files, access systems, and secured communications. The better method is to use a certificate-based security system using encryption to provide a significantly higher level of security. Additionally, by automating the process, users do not have to be involved in the encryption, transport, or communications between their laptop or desktop, and the network. | < Prev |
|---|
