I used vCenter 5.5 with customization specifications to create the VM. Provision a standalone Windows Server 2012 R2 server. You just need to use the proper certificate template, and verify compatible algorithms. For instance, they will work perfectly fine on the Linux vCenter appliance, or your hardware load balancers. The Microsoft CA issues industry-standard certificates (X.509), and thus will work with third-party hardware and software. You will have a false sense of security and possibly do more harm than good. Please don’t take this solution as-is and throw it into production. However, for a lab environment where you want to test out a two-tiered model, this short series is for you. For example, who can issue certificates? Who can revoke them? Do users need PKI certificates or just computers? How about key recovery? Disaster recovery? Do you need a hardware security module (HSM)? Do you require FIPS compliance? What ciphers and hashing algorithms will you allow? Where do you store the offline CA? As you can see, there are many questions and processes that need to be well documented for a solid PKI solution. Many operational procedures, access controls, etc. While this short series will provide the steps to configure a two-tiered hierarchy, it alone is not enterprise grade and ready for a Fortune 500 company. This requires two VMs, each running Windows Server 2012 R2 (or plain 2012 if you wish). Building an enterprise CA is non-trivial, and should be highly process oriented. The process is fairly simple: build an offline root, create an online issuing CA, set up a couple of templates, set up auto-enrollment, then do a little post-setup configuration. Windows Server 2012 R2 Certificate Authority But I always have my own spin, so I think it's worthwhile to do yet another blog post on configuring a MS CA…the “Mr. Microsoft blogs have several PKI configuration series, which directly guided the content of this series.
For this series I’m using Windows Server 2012 R2, but the steps are pretty much identical for Windows Server 2012. While I have written a number of articles focused on SSL certificates and templates, I have not done a mini-series on how to actually install a Windows Certificate Authority.