Home > Articles > Certification > CompTIA

  • Print
  • + Share This
From the author of Step 2: Configure the Certificate Authority (CA) on the Server

Step 2: Configure the Certificate Authority (CA) on the Server

Now you need to set up the CA to hand out certificates automatically, and turn on the IP Security policy.

  1. First, though, set up an MMC if you have not already and add the Certificate Authority snap-in (for the local computer), as well as the Default Domain Policy (select the Group Policy Object editor snap-in, Browse, and then Default Domain Policy).
  2. Set up the server to hand out certificates automatically.
    1. In the MMC, click the Default Domain Policy entry, select Computer Configuration, choose Windows Settings, click Security Settings, select Public Key Policies, and choose Automatic Certificate Request Settings.
    2. Right-click the Automatic Certificate Request Settings entry, select New, and then select Automatic Certificate Request.
    3. A wizard is launched. Click Next.
    4. When asked what type of auto certificate template you want to install, select Computer as shown in Figure 2 Then click Next.
    5. Figure 2 The Certificate Template screen.

    6. Click Finish. You should see a certificate template called Computer on the right side window pane in the MMC.
    7. Save the MMC.
  3. Turn on the IP Security Policy.
    1. Within the MMC expand the following options in the left window pane: Default Domain Policy > Computer Configuration > Windows Settings > Security Settings. Click once on IP Security Policies on Active Directory.
    2. This should bring up three policies on the right hand side. None of these are yet assigned.
    3. Right click the Secure Server (require Security) option and select Assign. This should assign the security policy allowing clients to connect.
    4. Save the MMC and close it.
  • + Share This
  • 🔖 Save To Your Account