Differences between revisions 29 and 42 (spanning 13 versions)
Revision 29 as of 2021-10-28 15:49:00
Size: 2970
Editor: scot
Comment:
Revision 42 as of 2023-11-02 19:30:29
Size: 2295
Editor: scot
Comment:
Deletions are marked like this. Additions are marked like this.
Line 4: Line 4:
 1. Install a AD Certificate server on CPTE230A.
    1. I used all defaults for my AD Certificate server as a Enterprise Root CA.
 1. Install IIS with an X.508 certificate for your default site on CPTE230A
    1. Install IIS 10 (include the management service)
    1. Optionally [[IISInstallCertificateFromCommandLine]]. If you take this option, you will complete everything but the next item, which you do need!
    1. See [[https://docs.microsoft.com/en-us/iis/manage/remote-administration/remote-administration-for-iis-manager|remote administration]] docs.
    1. If not installed on the Windows Client, install IIS management Console from [[https://www.microsoft.com/en-us/download/details.aspx?id=41177|here]].
       a. Although this is nice to have on hand, and we will use it later, you will have to use the GUI installed on the server (along with the feature on demand: !AppCompatibility see [[https://docs.microsoft.com/en-us/windows-server/get-started/server-core-app-compatibility-feature-on-demand|here]]) NOTE: If you get errors installing server-core-app-compatibility-feature-on-demand, make sure to install updates, without these we have experienced repeated failures.
       a. Remember that even with the !AppCompatibilty package installed, you do not have the ability to use a file browser. Do not use the ellipses to select a file or the MMC will crash.
    1. With the Server selected in the navigation pane, double click the Server Certificates icon in the central details pane.
    1. Click on: Create a Certificate Request... in the action pane.
    1. Make sure to use your full hostname for the common name. E.g. I used "cpte230b.scot.anderson.internal"
    1. Copy the file CPTE230A.
    1. From a command prompt type: {{{certreq -submit -attrib “CertificateTemplate:WebServer” “C:\...\cert.req”}}} This will create a file containing you certificate to install. 		 1. Install a AD Certificate server on CPTR230A.
    1. I used all defaults for configuring my AD Certificate server as a Enterprise Root CA. If you haven't done this step, look at the server management console and click on the Yellow Triangle and click on configure your certificate authority link.
 1. Install IIS with an X.509 certificate for your default site on CPTR230A
    1. Install IIS Latest (include the management service)
    1. Using IIS Admin Console: With the Server selected in the navigation pane, double click the Server Certificates icon in the central details pane.
    1. Click on: "Create Domain Certificate..." in the action pane.
    1. Make sure to use your full hostname for the common name. E.g. I used "cptr230a.scot.internal"
 1. Click on your default web site to bind the certificate to your website.
    1. Click on Bindings, and click on ADD
    1. Add a binding for https and select the certificate that you just created.

{{{#!wiki comment
    1. '''Only if you are using Core''' - [[IISInstallCertificateFromCommandLine]]. If you take this option, you will complete everything but the next item, which you do need!
    1. '''Only if you are using Core''' - See [[https://docs.microsoft.com/en-us/iis/manage/remote-administration/remote-administration-for-iis-manager|remote administration]] docs.
    1. From a command prompt type: certreq -submit -attrib “CertificateTemplate:WebServer” “C:\...\cert.req”
       1. This will create a file containing you certificate to install.
Line 22: Line 24:
 1. Click on your default web site to bind the certificate to your website.
    1. Click on Bindings, and click on ADD
    1. Add a binding for https and select the certificate that you just imported. 		}}}
Line 35: Line 35:

CPTE 230B (192.168.1.3)
Line 39: Line 36:

Note we will be installing a webservice on CPTE 230 B in the next lab.

Lab 07

Perform the following

  1. Install a AD Certificate server on CPTR230A.
    1. I used all defaults for configuring my AD Certificate server as a Enterprise Root CA. If you haven't done this step, look at the server management console and click on the Yellow Triangle and click on configure your certificate authority link.
  2. Install IIS with an X.509 certificate for your default site on CPTR230A
    1. Install IIS Latest (include the management service)
    2. Using IIS Admin Console: With the Server selected in the navigation pane, double click the Server Certificates icon in the central details pane.
    3. Click on: "Create Domain Certificate..." in the action pane.
    4. Make sure to use your full hostname for the common name. E.g. I used "cptr230a.scot.internal"
  3. Click on your default web site to bind the certificate to your website.
    1. Click on Bindings, and click on ADD
    2. Add a binding for https and select the certificate that you just created.

Document the new services for each server on a new page named services I.e.

Services Installed:

CPTE230A (192.168.1.2)

  • AD Certificate Authority
  • IIS (With SSL Certificate from AD Cert. Auth.)

Video Grade Guide

Topics

Points

Video shows the Certificate Server and certificates issued on CPTE230A

30

Video shows a website showing certificate, and that it is trusted by your browser.

60

Video talks through the documentation

10

WindowsAdministration/Lab07WebServerInstall (last edited 2023-11-02 19:30:29 by scot)