Implementing a Public Key Infrastructure (PKI), Windows Server 2003, Part I - Finishing up the Installation, Conclusions
(Page 4 of 4)
10. On the CA Identifying Information window:
- Type in a Common Name for this CA. Keep in mind that the common name cannot exceed 64 characters in length. However, it is recommended that you use a maximum length of 51 characters to prevent an encoding length rule violation.
- The customized field distinguished name suffix is optional. You can also set the distinguished name suffix at a later time.
- This information is filled in automatically if the CA is joined to an Active Directory–based domain.
- In Validity period, select 10 years. Click Next.
11. If you have previously uninstalled a CA on the computer you are configuring, you will receive a warning message telling you that you will overwrite the private key from the previous CA installation. Before you continue, make sure that the previous private key will never be required again: if you continue, a new key is generated and it replaces the existing key.
12. In Certificate Database Settings do the following:
- In Certificate database and Certificate database log, enter the locations to store the related configuration information. You can specify the local path C:\WINDOWS\System32\CertLog.
- Select the option Store configuration information in a shared folder and specify a pathname as the name for the shared folder. The path can be either a universal naming convention (UNC) path such as the default, \\Localhost\CAConfig, or a local path, such as C:\CAConfig. If the computer does not have network cards installed, or has all network interfaces disabled, you must choose a local path. Click Next.
13. The Microsoft Certificate Services dialog box informs you that Internet Information Services must be temporarily stopped. Click Yes.
14. The Microsoft Windows Server 2003 installation CD is required.
15. The Microsoft Certificate Services dialog box informs you that Active Server Pages must be enabled on IIS if you wish to use the Certificate Services Web enrollment site. Click Yes.
16. Click Finish on the Completing the Windows Components Wizard window.
17. Close the Add or Remove Programs window.
The Stand-alone Root Certificate Authority is now installed and can issue certificates. The following picture presents the Web interface of Microsoft Certificate Services, which you can use to request certificates, as it appears after the stand-alone Certificate Authority has been implemented.

For further information about managing or troubleshooting the PKI you just created, you can visit Microsoft’s site and read related articles.
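To confirm that the installed root CA matches the choices made in step 10 (common name length, 10-year validity, self-signed root), the following added example audits the CA's own certificate. It is not part of the original article or of Microsoft's tooling; it assumes Windows PowerShell is installed on the CA server, and the function name and the scratch file path are hypothetical.

```powershell
# Added example: audit the root CA certificate against the wizard choices.
# Assumptions: run locally on the CA server; the output path is a scratch file.
function Test-RootCaCertificate {
    param(
        [string]$OutFile = "$env:TEMP\rootca-audit.cer",  # hypothetical path
        [int]$ExpectedYears = 10                          # validity chosen in step 10
    )

    # certutil -ca.cert writes the local CA's own certificate to a file.
    & certutil.exe -f -ca.cert $OutFile | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "certutil could not retrieve the CA certificate" }

    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $OutFile
    $findings = @()

    # Common name: hard limit of 64 characters, recommended maximum of 51.
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $cn = $cert.GetNameInfo($nameType, $false)
    if ($cn.Length -gt 64) {
        $findings += "FAIL: common name is $($cn.Length) characters (limit 64)"
    } elseif ($cn.Length -gt 51) {
        $findings += "WARN: common name is $($cn.Length) characters (recommended maximum 51)"
    }

    # A root CA certificate is self-signed, so subject and issuer must match.
    if ($cert.Subject -ne $cert.Issuer) {
        $findings += "FAIL: subject and issuer differ, this is not a root certificate"
    }

    # Validity should equal the period selected in the wizard (one day tolerance).
    $expectedEnd = $cert.NotBefore.AddYears($ExpectedYears)
    if ([math]::Abs(($cert.NotAfter - $expectedEnd).TotalDays) -gt 1) {
        $findings += "FAIL: certificate expires $($cert.NotAfter), expected about $expectedEnd"
    }

    New-Object PSObject -Property @{
        CommonName = $cn
        NotBefore  = $cert.NotBefore
        NotAfter   = $cert.NotAfter
        Findings   = $findings
        Passed     = (@($findings | Where-Object { $_ -like 'FAIL*' }).Count -eq 0)
    }
}

Test-RootCaCertificate | Format-List
```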
Conclusions
In today’s era of insecurities, it is critical for every organization to apply appropriate technology and try to minimize security problems. A must-have technology for today’s conditions is Public Key Infrastructure (PKI), a favoured option among network implementers.
Installing and maintaining a PKI is not a simple task. My aim when writing this article was to give you a starting point on PKI so that you can benefit as much as possible from what PKI has to offer. Good luck in your efforts!
Reference
Best Practices for Implementing a Windows Server 2003 Public Key Infrastructure:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws3pkibp.mspx