With the WWW Publishing Service already running, the next step is to install the Enterprise CA software.
Install Certificate Services in Enterprise CA mode
Microsoft Certificate Services will be installed in this mode on the domain controller itself. Installing the CA in Enterprise mode (as opposed to Standalone mode) has several advantages, including:
• The CA root certificate (root CA certificate) is automatically placed in the Trusted Root Certification Authorities certificate store on all domain member machines. Domain members that need certificates to secure their transactions can easily find a legitimate issuer (the CA server) in Trusted Root Certification Authorities on their own computer.
• Clients can easily use the Certificates MMC snap-in (at Run, type mmc, choose File, Add/Remove Snap-in, Add, then choose Certificates) to request certificates from CA servers or from the CA's Web sites.
• All computers in the domain can be assigned certificates through the Active Directory autoenrollment feature.
Note that it is not necessary to install the CA in Enterprise mode. You can install the CA in Standalone mode, but this lab does not cover Standalone mode or how to get a certificate from a Standalone CA.
Perform the following steps to install the Enterprise CA on the domain controller EXCHANGE2003BE:
1. Click Start, Control Panel. Click Add or Remove Programs.
2. In Add or Remove Programs, click Add/Remove Windows Components.
3. On the Windows Components page, scroll down the list and select the Certificate Services checkbox. A Microsoft Certificate Services dialog box informs you that you may not change the name of the machine or its domain membership while it is acting as a CA. The meaning is clear: you cannot change the computer name or this computer's domain membership after you have installed the CA service. Click Yes.
4. Click Next on the Windows Components page.
5. On the CA Type page, select the Enterprise root CA option and click Next.
6. In this text box, you enter the NetBIOS name of the domain controller as EXCHANGE2003BE. Click Next.
7. If a CA was previously installed on this computer, you will be asked whether 'you wish to overwrite the existing key'. If you have deployed other CAs on the network, do not overwrite the current keys. If this is the first CA, it is acceptable to overwrite the existing key. In this example no CA was previously installed on the computer, so this dialog box does not appear.
8. On the Certificate Database Settings page, use the default storage locations in the Certificate database and Certificate database log text boxes. Click Next.
9. A Microsoft Certificate Services dialog box displays a message about restarting Internet Information Services. Click Yes to stop the service. The service will be restarted automatically.
10. Click OK in the Insert Disk dialog box. In the Files Needed dialog box, enter the path to the I386 folder in the Copy files from text box and click OK.
11. Click Finish on the Completing the Windows Components Wizard page.
12. Close Add or Remove Programs.
At this point the Enterprise CA can issue certificates to other computers in the domain through autoenrollment, the Certificates MMC snap-in, or the Web enrollment site. In this ISA Server 2004 configuration guide, we will issue a Web site certificate to the OWA Web site and computer certificates to the ISA Server 2004 firewall computer and to the external VPN client and VPN gateway (VPN router) machines.
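To confirm the result of steps 1 to 12 from a command prompt on EXCHANGE2003BE, the batch script below (an added example, not part of the original guide) checks that the CA service is running, that the CA answers requests, and that its root certificate is in the Trusted Root Certification Authorities store. It assumes the CA common name entered in step 6 was EXCHANGE2003BE and that certutil.exe, which is installed with Certificate Services, is on the path.

```batch
@echo off
rem Post-install check for the Enterprise root CA.
rem Added example, not from the original guide.
rem Assumption: the CA common name is EXCHANGE2003BE, as entered in step 6.
setlocal
set CA_NAME=EXCHANGE2003BE
set FAILED=0

rem 1. The Certificate Services service, CertSvc, must be running.
sc query CertSvc | find "RUNNING" >nul
if errorlevel 1 (
    echo [FAIL] CertSvc service is not running
    set FAILED=1
) else (
    echo [ OK ] CertSvc service is running
)

rem 2. The local CA must answer on its certificate request interface.
certutil -ping >nul 2>&1
if errorlevel 1 (
    echo [FAIL] CA did not answer certutil -ping
    set FAILED=1
) else (
    echo [ OK ] CA request interface is alive
)

rem 3. The root CA certificate must be present in the local machine
rem    Trusted Root Certification Authorities store, named Root.
certutil -store Root "%CA_NAME%" >nul 2>&1
if errorlevel 1 (
    echo [FAIL] No certificate for %CA_NAME% in the Root store
    set FAILED=1
) else (
    echo [ OK ] %CA_NAME% certificate found in the Root store
)

rem 4. Print the CA details so the CA type can be reviewed by eye.
certutil -CAInfo

if "%FAILED%"=="1" (
    echo One or more checks failed.
    exit /b 1
)
echo All checks passed.
exit /b 0
```

Check 3 can be repeated on a domain member that has certutil.exe available, after Group Policy has refreshed, to confirm that the root certificate was distributed to it.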
Conclusion:
In this section we discussed the use of a CA (Certificate Authority) and how to install an Enterprise CA on the domain controller in the internal network. Next, we will use the Enterprise CA to issue computer certificates to VPN clients and servers, and to provide a Web site certificate for the Exchange Server's Outlook Web Access Web site.
Ho Viet Ha - Owner
Network Information Security Vietnam, Inc.
http://nis.com.vn