WELCOME TO MY

PRESENTATION

Presented by: Presented to:

Name: XID: M-110303031Jagannath University, Dhaka-1100

Project ConsultantNetworking TechnologyJagannath University, Dhaka-1100

PRESENTATION ON

DEPLOY AND CONFIGURE AN ENTERPRISE ROOT CA

AND SUBORDINATE CA

ENTERPRISE ROOT CA

An enterprise root CA is certificate server that has signed its own certificate, is installed on a computer that is a member of the domain, and can issue certificates based on templates stored in Active Directory.

The Advantage of Enterprise Root CA Is TO :

We can configure issuance policies based on Active Directory properties. This means that an enterprise CA can automatically issue a specific type of certificate to a user, computer, or service without requiring the manual approval of an administrator.

Enterprise root CAs are suitable for organizations with fewer than 300 users who only need a single CA and do not need to deploy a complex CA hierarchy

PRE-REQUISITE TO CONFIGURE ENTERPRISE

ROOT CA

On Domain Controller Install the Active Directory Certificate Service

INSTALL THE ACTIVE DIRECTORY

CERTIFICATE SERVICES ROLE

Open Server Manager→Manage →Add Roles and Features

Select a Server from the server pool and then click next.

Select the Active Directory Certificate Services and then click next.

Select the role services to install for Active Directory Certificate Services and click next.

Select the role services to install for Web Server(IIS) and click next.

To install the following roles, roles services on this server and click install

Successfully completed installation progress and then close

Configure Active Directory Certificate Services .

On the AD CS Configuration Wizard ensure that the EUROPE\administrator is selected.

Now select Role Services to configure and click next

On the setup type page select Enterprise CA and click next.

Specify the name of the CA and then click next.

TO configure the following roles and features and click configure.

Select the Certificate Enrollment Web Service and Certificate Enrollment Policy Web Service and click next

Select the CA name for certificate Enrollment Web Services and then click next

Ensure that Windows Integrated Authentication is selected and click next.

For specifying a Server Authentication Certificate, click europe-EUROPEMACHINE-CA and click next

Successfully configured Certificate Enrollment Web Service and Certificate Enrollment Policy Web Service and click close

Enterprise Subordinate CA

An enterprise subordinate CA can obtain its signing certificate from a standalone root CA or an enterprise root CA. Enterprise subordinate CAs are able to issue certificates based on certificate templates that are stored in Active Directory.

Pre-requisite to Configure Enterprise Subordinate CA Join a server to a Enterprise Root CA

Domain Controller. Install AD CS Role.

Sign in to Europe Client as europe\administrator with password PTTC$123

Open Server Manager → Manage →Add Roles and Features

Select a Server from the server pool and then click next.

Select the Active Directory Certificate Services and then click next

Select the Certificate Authority to install the AD CS and click next

Configure AD CS on this Server

Specify credential to configure role services and click next.

Select Enterprise Root CA and click next

Select Subordinate CA and click next

Request a certificate from Parent CA and click next

TO configure the following roles and features and click configure.

AD CS Has been configured successfully and click close.

Server Manager Tools Certification Authority

Right click on europe-EUROPECM-CA and click properties

On the General tab and click Certificate#0 and click view certificate

Verify the certificate is issued by Europe-EUROPEMACHINE-CA and valid Date.

THANKS TOALL