IIAMWAD-Implementing Identity and Access Management in Windows Server Active Directory

2.3 Issue-Install certificates through Subordinate Certificate Authority Windows Server 2008 Enterprise

I'm sure that you now have a subordinate Certificate Authority alongside with the Web Enrollment app, and you might think everything is ready to do certificate issuances?

Effortlessly, the Root CA has no roles to do, why we need it?

Remember, there is a step during Certificate Authority installation that requires you to enter root CA address to obtain a CA certificate for the sub-CA.

The subordinate CA cannot be used until it has been issued a root CA certificate and this certificate has been used to complete the installation of the subordinate CA.

You must ask permissions to become a component in the domain's PKI so that you have a certificate to work, be published into AD DS system to integrate GPO/policies, to be trusted, etc.

[00:16] "How CA Certificates Work" – technet.microsoft.com

2 3 Issue Install certificates through Subordinate Certificate Authority Windows Server 2008 Enterprise | IIAMWAD-Implementing Identity and Access Management in Windows Server Active Directory

https://web.archive.org/web/20170110083012/http://www.arthurremy.com/index.php/107-tutorials/342-installing-a-two-tier-pki-hierarchy-in-windows-server-2016

[00:19] According to best practices, the Root CA should remain isolatedly, so the process of subordinate certificate obtaining might require exchange .req and .cer files manually.

2 3 Issue Install certificates through Subordinate Certificate Authority Windows Server 2008 Enterprise | IIAMWAD-Implementing Identity and Access Management in Windows Server Active Directory

In this VMware Workstation virtual lab, we use the 2nd method about submitting a CA Certificate request through an online channel.

Let's switch to the Root CA WS 2008 R2, open Certificate Authority certsrv console, navigate into the Pending Requests section.

Verify Request ID, Binary Request, Status Code, Disposition Message, Submission Date, Requester Name.

In fact, you should take care of Country/Region, Organization, Organizational Unit, etc. also.

[00:51] After you confirmed that request by click the Issue menu, navigate into the Issued Certificates section to see the newly created certificate for the sCA.

2 3 Issue Install certificates through Subordinate Certificate Authority Windows Server 2008 Enterprise | IIAMWAD-Implementing Identity and Access Management in Windows Server Active Directory

It was generated via the Subordinate Certificate template with default settings.

You can verify it by inspecting Request ID, Requester Name, Binary Certificate, Serial Number, Effective Date, Expiration Date, etc. through the Certificate dialog if needed.

[01:11] Now you just need to export that certificate and transfer through secure medium to this sCA and import it.

2 3 Issue Install certificates through Subordinate Certificate Authority Windows Server 2008 Enterprise | IIAMWAD-Implementing Identity and Access Management in Windows Server Active Directory

[01:32] Similarly, open Certificate Authority console, launch the Install CA Certificate dialog.

2 3 Issue Install certificates through Subordinate Certificate Authority Windows Server 2008 Enterprise | IIAMWAD-Implementing Identity and Access Management in Windows Server Active Directory

You can always request a new one through the CA Certificate Request tool.

Select an online CA to send the request by specifying Computer Name, Parent CA.

If you want to send the request to an offline CA, click Cancel and send the requested file at C:\…req to your parent CA.

[01:51] "Exporting the Certification Authority Certificates" – technet.microsoft.com

2 3 Issue Install certificates through Subordinate Certificate Authority Windows Server 2008 Enterprise | IIAMWAD-Implementing Identity and Access Management in Windows Server Active Directory

https://docs.microsoft.com/en-us/previous-versions/tn-archive/dd261928(v=technet.10)

[01:56]

[02:01] Keep in mind that if "Active Directory Certificate Services is stopped. Certain properties will be unavailable."

2 3 Issue Install certificates through Subordinate Certificate Authority Windows Server 2008 Enterprise | IIAMWAD-Implementing Identity and Access Management in Windows Server Active Directory

[02:11] "Installing a Two Tier PKI Hierarchy in Windows Server 2016" – arthurremy.com

2 3 Issue Install certificates through Subordinate Certificate Authority Windows Server 2008 Enterprise | IIAMWAD-Implementing Identity and Access Management in Windows Server Active Directory

http://arthurremy.com/index.php/107-tutorials/342-installing-a-two-tier-pki-hierarchy-in-windows-server-2016

[02:17] Well done, with that certificate, this sCA now can communicate with clients as well as other CAs to do further PKI's operations.

2 3 Issue Install certificates through Subordinate Certificate Authority Windows Server 2008 Enterprise | IIAMWAD-Implementing Identity and Access Management in Windows Server Active Directory

[02:24] "Step by Step: Deploying an Enterprise Subordinate CA in Server 2012 R2 (Part 2)" – mizitechinfo.wordpress.com


https://mizitechinfo.wordpress.com/2013/08/31/step-by-step-deploying-an-enterprise-subordinate-ca-in-server-2012-r2-part-2/

This series: Installing and Configuring Active Directory Certificate Services Server Role focus mainly on building a strong foundation of the PKI before we go ahead.

It is recommended that you apply the Certificate Revocation List even in a test lab, that will be presented in part 3.

[02:33]

[SHAZAM]


http://shazam.marvel-it.icu/s=1c9d2641&f=ZtH2Q8iK

[YOUTUBE]

Issue-Install certificates through Subordinate Certificate Authority Windows Server 2008 Enterprise

Tags

Related Articles

Back to top button