Windows 2000 Certificate Authority By Saunders Roesser
What is a Certificate Authority (CA)? • Straight from Microsoft: “A certification authority is a service that issues the certificates needed to run a public key infrastructure. The CA could be an external commercial CA, or it could be a CA run by your company. The certificates enable a user to log on using a smart card, send encrypted e-mail, code-sign documents, and more. Since a CA is an important trust point in an organization, most organizations will have their own CA.”
Types of MS Certificate Authorities • Enterprise CA • Stand Alone CA
Enterprise CA • An enterprise CA is used with a Windows 2000 domain and Active Directory Services. • Requires the user to have an entry in Active Directory in order to request a certificate. • Can be used in logon security. • Two subclasses: • Root • Subordinate
Standalone CA • For issuing certificates to users or computers outside a Windows 2000 domain. • Cannot be used for logon security. • Two subclasses: • Root • Subordinate
CA Organization • CAs are organized into a hierarchy. • One root trust point. • Subordinates are trusted because the root node is trusted. • You can have more than one Enterprise CA in an Active Directory domain. You can also mix standalone CAs with enterprise ones.
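The hierarchy rule above, shown as an added example that is not part of the original slides: OpenSSL stands in for Windows 2000 Certificate Services, and every name, file and serial number is constructed for illustration. A certificate issued by a subordinate CA verifies only when the chain ends at the root that is actually trusted.

```shell
#!/bin/sh
# Constructed demo: OpenSSL stands in for Windows 2000 Certificate Services.
# All subject names and file names below are made up for illustration.
set -eu

# new_csr DIR NAME CN: generate an RSA key pair and a certificate request
new_csr() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

# new_root DIR NAME CN: self-signed root CA certificate (a trust point)
new_root() {
  new_csr "$1" "$2" "$3"
  openssl x509 -req -in "$1/$2.csr" -signkey "$1/$2.key" -days 30 \
    -set_serial 1 -extfile "$1/ca.ext" -out "$1/$2.crt" 2>/dev/null
}

# issue DIR ISSUER NAME CN EXTFILE SERIAL: certificate for NAME signed by ISSUER
issue() {
  new_csr "$1" "$3" "$4"
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
    -days 30 -set_serial "$6" -extfile "$1/$5" -out "$1/$3.crt" 2>/dev/null
}

# build_hierarchy DIR: root -> subordinate -> server cert, plus an unrelated root
build_hierarchy() {
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$1/ca.ext"
  printf 'basicConstraints=critical,CA:FALSE\n' > "$1/leaf.ext"
  new_root "$1" root  "Example Root CA"
  new_root "$1" other "Unrelated Root CA"
  issue "$1" root sub  "Example Subordinate CA" ca.ext   2
  issue "$1" sub  leaf "www.example.test"       leaf.ext 3
}

# verify_leaf DIR ANCHOR: succeeds only if leaf chains through sub to ANCHOR
verify_leaf() {
  openssl verify -CAfile "$2" -untrusted "$1/sub.crt" "$1/leaf.crt" >/dev/null 2>&1
}

demo() {
  d=$(mktemp -d); build_hierarchy "$d"
  verify_leaf "$d" "$d/root.crt"  && echo "anchored at root: trusted"
  verify_leaf "$d" "$d/other.crt" || echo "anchored at unrelated root: rejected"
  rm -rf "$d"
}
demo
```

The subordinate certificate is passed as `-untrusted`, so it contributes to chain building but is never a trust anchor on its own.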
Enterprise CA requirements • Windows 2000 Server • Windows 2000 DNS • Active Directory Services • Administrative Rights • Can be installed on a domain controller or domain member computer.
Standalone CA Requirements • Windows 2000 Server • Local Administrative Rights
The Actual Setup • Concerned with Enterprise CA setup • First, you need administrative rights in the already established Active Directory.
The Install • Use the “Add/Remove Programs” control panel. • Click “Add/Remove Windows Components” • Check “Certificate Services”. • Also check IIS if you wish to use the web based components (if it isn't already checked).
Install continued • Specify the Type of CA: • If Active Directory is not installed, you can only install a stand alone Certificate Authority. • If an Active Directory is detected, the Enterprise root CA option is selected if there are no CAs already registered in the Active Directory. • If there are CAs registered in the Active Directory, the Enterprise subordinate CA option is selected.
Install continued • Choose the key length to generate: • 384 bit to 16384 bit • Use existing keys? • Set the CA name (common name) • Valid for time (how long until the root certificate expires) • Install location options, including shared folders.
Install continued • If IIS is installed, it must be restarted to install Certificate Services on the web server. • Options to install a commercial certificate. • That’s it.
Remove CA • If you wish to uninstall a CA, just go to “Add/Remove Programs”, then “Add/Remove Windows Components”, and uncheck the box for “Certificate Services”.
How to Administer a CA • Use the Certificate Authority Administrative Tool.
Administering • From the Administrative Tool, you can: • Issue New Certificates • Revoke Certificates • See Pending Requests • Failed Requests • Policy Settings
Common Uses • Certificate for Dial-in Users • Encrypted/Non-repudiation emails • Encrypted File System • Web Server • VPN support
IIS Certificate Install • Want to make your website do SSL? • Install a certificate.
CA Web Services • http://localhost/certsrv • Can create certificates for clients
Certificate Authority • Questions? • Comments?