Lab 07
Perform the following
- Install a AD Certificate server on CPTR230A.
- I used all defaults for configuring my AD Certificate server as a Enterprise Root CA. If you haven't done this step, look at the server management console and click on the Yellow Triangle and click on configure your certificate authority link.
- Install IIS with an X.509 certificate for your default site on CPTR230A
- Install IIS Latest (include the management service)
- Using IIS Admin Console: With the Server selected in the navigation pane, double click the Server Certificates icon in the central details pane.
- Click on: "Create Domain Certificate..." in the action pane.
- Make sure to use your full hostname for the common name. E.g. I used "cptr230a.scot.internal"
- Click on your default web site to bind the certificate to your website.
- Click on Bindings, and click on ADD
- Add a binding for https and select the certificate that you just created.
Document the new services for each server on a new page named services I.e.
Services Installed:
CPTE230A (192.168.1.2)
- AD Certificate Authority
- IIS (With SSL Certificate from AD Cert. Auth.)
Video Grade Guide
Topics |
Points |
Video shows the Certificate Server and certificates issued on CPTR230A |
30 |
Video shows a website showing certificate, and that it is trusted by your browser. |
60 |
Video talks through the documentation |
10 |
Only if you are using Core - IISInstallCertificateFromCommandLine. If you take this option, you will complete everything but the next item, which you do need!
Only if you are using Core - See remote administration docs.
From a command prompt type: certreq -submit -attrib “CertificateTemplate:WebServer” “C:\...\cert.req”