Configure Local Certification Authority on Windows Server 2003

Now you have configured a IPSec VPN or SSL VPN for your company employees and want to authenticate using Digital Certificates. You have an option that you can go to any Public Certification Authorities like Verisign or godaddy to get digital certificates, for which you will be charged money. Another option is to configure a Windows Server 2003 as a Certificate Server and issue certificates from that server. Also you can install the public key of the Certificate server to the client's PCs, so that their browser don't show warning while accessing the URL. Here is how you can configure Local Certificate Authority on Windows Server 2003.


Step1: Install the IIS Service

In order to install CA, you first need to install IIS on Windows Server 2003. (Optionally you can install the full Application Server role.)



Step2: Install CA component.

1. Go to Control Panel >> Add or Remove Programs  >> Add/Remove Windows Components.

2. In the Windows Component Wizard, select Certificate Services and press Next.


3.  On the CA type page, select Enterprise root CA and click next.


4.  On the CA Identification Information, in the Common Name for this CA field, fill the name of the server and then click next.


5. In the Certificate Database Settings, just click next without doing any changes.


6. You can manage this CA server by going to Administrative Tools >> Certification Authority.



7. It's done!. Now the server can issue digital certificates to others.






No comments:

Post a Comment