Chris here again. Today we are going to cover configuring SSL for the Web Enrollment website which will allow Windows Server 2008 and Windows clients to use the Web Enrollment website. We are also going to cover enabling Key Archival.
Configuring SSL for Web Enrollment
Windows Server 2008 (R2) requires SSL in order to connect to the Web Enrollment pages. The first thing that must be done after installing the Web Enrollment role is to enable SSL on the web site within IIS. To begin, I am going to go through the process to request an SSL certificate for my web server.
In Part III I covered implementing certificate templates. The fictional company, Fabrikam, created a customized template for web servers called Fabrikam WebServer. This template was configured to construct the certificate subject information from Active Directory. When a server requests a Fabrikam Webserver certificate from the CA, the CA will place the DNS name of the server in the Subject of the issued certificate. Below are the steps to follow in order to request a certificate based on the Fabrikam WebServer template.
Requesting an SSL Certificate
In Part III I covered implementing certificate templates. The fictional company, Fabrikam, created a customized template for web servers called Fabrikam WebServer. This template was configured to construct the certificate subject information from Active Directory. When a server requests a Fabrikam Webserver certificate from the CA, the CA will place the DNS name of the server in the Subject of the issued certificate. Below are the steps to follow in order to request a certificate based on the Fabrikam WebServer template.
1. Click Start button, then Run, and enter MMC in the Run box and click OK.
2. Click on File from the menu bar and select Add/Remove Snap-in…
3. Select Certificates and click the Add button
4. When prompted for the context that the Certificates MMC should run in select Computer Account, and then click Next, then Finish.
5. Click OK, to close the Add or Remove Snap-ins page.
6. Expand Certificates (Local Computer), right-click on Personal, and select Request New Certificate… from the context menu.
7. This starts the Certificate Enrollment wizard. Click Next to continue.
8. Select the Fabrikam WebServer certificate template, and then click Next to request the certificate.
9. As seen below, the certificate has been successfully requested. Click Finish to close the wizard.
| 