Using smartcards to logon to Windows - Set up certificate management environment [1/4]
Posted: Fri May 20, 2016 4:22 am
Set up smart card certificate management environment
1) Install Windows Server 2008 Enterprise Edition
2) Add Roles:
Select "Start->Server Manager->Roles", click "Add Roles", start "Add Roles Wizard" and install the required server roles:
a) Select "DNS Server" to install and follow the prompts to complete the installation;
b) Select "Active Directory Domain Services" to install and follow the prompts to complete the installation;
c) Run"dcpromo", start the domain controller installation wizard and follow prompts to complete the installation and choose Windows 2008. The following figure is configuration info, others are default options. The Name of Forest Root Domain in Figure C-4.png will be used in adding domain of local computer. The password in Figure C-10.png will be used when this domain controller is started in Directory Services Restore Mode.
d) Select "Web Server (IIS)" and "Active Directory Certificate Services" to install, follow the prompts to complete the installation, see the figure d-3
Click "Next", select Certification Authority and Certification Authority Web Enrollment;
Select "Enterprise" and click "Next";
Select "Root CA" and click "Next";
Select "Create a new private key", click "Next";
In "Configure Cryptography for CA" window, configure as follows, click "Next" until "Confirm Installation Selections" appears;
In "Configure CA Name" window, Common name for this CA is server-WIN-BP8PSK12IOH-CA by default.
e) Select "Network Policy and Access Services" to install and click "Next". In Select Role Services window, configure as follows. Click "Next" until the installation is completed.
- ------ Configure Windows 2008 CA
1) Install Windows Server 2008 Enterprise Edition
2) Add Roles:
Select "Start->Server Manager->Roles", click "Add Roles", start "Add Roles Wizard" and install the required server roles:
a) Select "DNS Server" to install and follow the prompts to complete the installation;
b) Select "Active Directory Domain Services" to install and follow the prompts to complete the installation;
c) Run"dcpromo", start the domain controller installation wizard and follow prompts to complete the installation and choose Windows 2008. The following figure is configuration info, others are default options. The Name of Forest Root Domain in Figure C-4.png will be used in adding domain of local computer. The password in Figure C-10.png will be used when this domain controller is started in Directory Services Restore Mode.
d) Select "Web Server (IIS)" and "Active Directory Certificate Services" to install, follow the prompts to complete the installation, see the figure d-3
Click "Next", select Certification Authority and Certification Authority Web Enrollment;
Select "Enterprise" and click "Next";
Select "Root CA" and click "Next";
Select "Create a new private key", click "Next";
In "Configure Cryptography for CA" window, configure as follows, click "Next" until "Confirm Installation Selections" appears;
In "Configure CA Name" window, Common name for this CA is server-WIN-BP8PSK12IOH-CA by default.
e) Select "Network Policy and Access Services" to install and click "Next". In Select Role Services window, configure as follows. Click "Next" until the installation is completed.