Configure Local Certification Authority on Windows Server 2003

Now you have configured a IPSec VPN or SSL VPN for your company employees and want to authenticate using Digital Certificates. You have an option that you can go to any Public Certification Authorities like Verisign or godaddy to get digital certificates, for which you will be charged money. Another option is to configure a Windows Server 2003 as a Certificate Server and issue certificates from that server. Also you can install the public key of the Certificate server to the client's PCs, so that their browser don't show warning while accessing the URL. Here is how you can configure Local Certificate Authority on Windows Server 2003.

Step1: Install the IIS Service

In order to install CA, you first need to install IIS on Windows Server 2003. (Optionally you can install the full Application Server role.)

Step2: Install CA component.

1. Go to Control Panel >> Add or Remove Programs  >> Add/Remove Windows Components.

2. In the Windows Component Wizard, select Certificate Services and press Next.

3.  On the CA type page, select Enterprise root CA and click next.

4.  On the CA Identification Information, in the Common Name for this CA field, fill the name of the server and then click next.

5. In the Certificate Database Settings, just click next without doing any changes.

6. You can manage this CA server by going to Administrative Tools >> Certification Authority.

7. It's done!. Now the server can issue digital certificates to others.


Popular posts from this blog

Anyconnect SSL-Client VPN with Self-signed Certificate on Cisco ASA

Filtering Routes in BGP using Route-maps and Prefix-list

Open Shortest Path First (OSPF)

IKEv2 IPsec Site-to-Site VPN configuration on Cisco ASA 8.4(x)

IPsec VPN as a Backup for Point-to-Point Link using IP SLA

Border Gateway Protocol (BGP)

Cisco ASA Active/Active Failover Configuration

Bypassing Proxy Server in Google Chrome

Cisco ASA Active/Standby Failover Configuration