
Configure HTTPS authentication to CA Server

In the previous post, I demonstrated the steps to install a Certificate Authority server and enable Web enrollment. All good so far. However, when we tried to proceed with web enrollment, the message box below appeared:

In order to complete certificate enrollment, the Web site for the CA must be configured to use HTTPS authentication.


To make it worse (not really), when we tried to access the web page over HTTPS, no page could be displayed.

Luckily, Microsoft has compiled all the steps needed to resolve this, as posted here.
Implementing SSL on a Web site in the domain with an Enterprise CA
The following example will assume that you have an Enterprise CA from which to issue certificates. Further, the assumption is that you have a Certification Authority Web Enrollment pages installed, either on that CA or on another computer in the domain. This example will walk through the steps necessary to do the following:
  1. Configure an appropriate certificate template for SSL certificates.
  2. Obtain a certificate for IIS using the certificate template
  3. Configure the HTTPS on the Default Web Site
  4. Connect to the HTTPS location for certificate enrollment




So, let's start with those steps.

1) Configure an appropriate certificate template for SSL certificates.
  1.  Launch the Certificate Authority Console.


  2.  Right-click Certificate Templates | Manage


  3.  The Certificate Templates Console will launch. Look for the Web Server template, right-click it, and choose Duplicate Template.


  4.  On the Compatibility tab, keep or change the settings depending on your environment.


  5.   Go to the General tab and change the name of the template to reflect its usage. Change the certificate validity and renewal period if needed.


  6.  Go to the Security tab and add two entries:
    • User/group accounts which will be used for enrollment
    • Computer accounts which require the ability to enroll






  7.   Go to the Cryptography tab and make changes if needed. Once done, click Apply, then OK.


  8.  The new template is created. Close the Certificate Templates Console.


  9. In the Certificate Authority Console, right-click Certificate Templates | New | Certificate Template to Issue. Find the newly created certificate template, click it, then click OK.



     
2) Obtain a certificate for IIS using the certificate template

  1.  Launch the MMC console.


  2.  Go to File | Add/Remove Snap-in...


  3.  Click Certificates | Add >



  4.  Choose Computer account, and click Next >


  5.  Choose Local computer, then click Finish.


  6.  Click OK.


  7.  Expand Certificates (Local Computer) | right-click Personal | choose All Tasks | click Request New Certificate


  8.  Click Next.


  9.  Select Active Directory Enrollment Policy, then click Next.


  10. Click 'More information is required to enroll for this certificate. Click here to configure settings.' (shown in blue).


  11.  We need to configure who will receive the certificate, in this case the rootCA server. On the Subject tab, in the Subject name box, change the type to Common name, enter the value, and click Add >. Once done, click Apply, then OK.


  12.  Click Enroll.


  13.  Enrollment is in progress.


  14.  Click Finish.




3) Configure the HTTPS on the Default Web Site

  1.  Launch IIS Manager.


  2.  Navigate to Default Web Site (or if you have more, choose appropriately).


  3.  In the Actions column, click Bindings...



  4.  Click https, then click Edit...


  5.  Change the SSL certificate to the correct certificate (you can press View... to check to whom the certificate was issued).





  6.  Click OK.


  7.  Click Close.


4) Connect to the HTTPS location for certificate enrollment

  1.  Launch the web enrollment site over HTTPS. A user ID is required; sign in with the ID that was configured previously.


  2.  This page will appear if you try to access the site using an unauthorized user ID.


  3.  The website launched successfully over HTTPS.
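
Sections 2 and 3 above can also be scripted. The following is an added example, not part of the original post or of Microsoft's article: it enrolls the IIS certificate from the duplicated template, checks that it is usable for TLS, and attaches it to the https binding. The template name and FQDN are placeholders, and it assumes an elevated PowerShell session on the IIS server with the WebAdministration module available.

```powershell
# Added example. $templateName and $fqdn are hypothetical placeholders.
Import-Module WebAdministration

$templateName = 'WebServerSSL'        # template name (not display name) of the duplicated Web Server template
$fqdn         = 'ca01.example.local'  # name that clients type to reach the enrollment pages
$siteName     = 'Default Web Site'

# Section 2: enroll a computer certificate into the Local Computer\Personal store.
# -DnsName adds a Subject Alternative Name; current browsers match the host
# name against the SAN and ignore a Common Name on its own.
$enroll = Get-Certificate -Template $templateName `
    -SubjectName "CN=$fqdn" -DnsName $fqdn `
    -CertStoreLocation Cert:\LocalMachine\My
if ($enroll.Status -ne 'Issued') {
    throw "Enrollment did not complete, status: $($enroll.Status)"
}

# Re-read the certificate through the Cert: provider so the
# EnhancedKeyUsageList property is populated.
$cert = Get-Item "Cert:\LocalMachine\My\$($enroll.Certificate.Thumbprint)"

# Check before binding: private key present and the
# Server Authentication EKU (1.3.6.1.5.5.7.3.1) is on the certificate.
$serverAuth = $cert.EnhancedKeyUsageList |
    Where-Object { $_.ObjectId -eq '1.3.6.1.5.5.7.3.1' }
if (-not $cert.HasPrivateKey -or -not $serverAuth) {
    throw 'Certificate is not usable for TLS server authentication.'
}

# Section 3: make sure an https binding exists on port 443, then attach the certificate.
if (-not (Get-WebBinding -Name $siteName -Protocol https -Port 443)) {
    New-WebBinding -Name $siteName -Protocol https -Port 443 -IPAddress '*'
}
$binding = Get-WebBinding -Name $siteName -Protocol https -Port 443
$binding.AddSslCertificate($cert.Thumbprint, 'My')

# Confirm which certificate thumbprint is now bound to which endpoint.
Get-ChildItem IIS:\SslBindings | Format-Table IPAddress, Port, Thumbprint, Store
```

If the binding already carries a certificate, remove the old SSL binding first; AddSslCertificate fails when one is already attached to the same IP and port.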


