Before I show you how to create an enterprise certificate authority, I want to give you a few words of caution. Installing a certificate authority is not a process to be taken lightly. If someone gains unauthorized access to your certificate authority, that person pretty much owns your network. Likewise, if a certificate authority server crashes, it can be devastating to your network.
Therefore, protect your certificate authority server the way you would protect a nuclear bomb. Make sure that it is as secure as possible and that you perform full system backups frequently. You also want to protect those backups so they are not accidentally compromised.
- With that said, select Add/Remove Programs from the Control Panel and click the Add/Remove Windows Components button.
- Choose Certificate Services from the list of Windows components.
- You will see a warning message indicating that you won't be able to rename the machine or change its group membership after the certificate services are installed. Click Yes to acknowledge the warning and then click Next to begin installing the certificate authority.
- Choose Enterprise Root CA as the type of certificate authority you want to install and click Next. You will now be prompted to enter a common name for the certificate authority. You must also select a certificate validity period. The default setting allows certificates to be valid for five years, but you can increase or decrease this time frame according to your own corporate security policy.
- Fill out these two items, then click Next. Windows will begin generating cryptographic keys.
- You will be prompted to enter a location for the certificate database. Select the default location (unless you want to place the database on a volume with better performance or fault tolerance) and click Next.
- You will now see a message indicating that Windows must restart the IIS services. Click Yes and Windows will install the necessary components.
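
Once the wizard finishes, the result can be checked and a first backup taken from a command prompt on the CA server. The script below is an added example, not part of the original article; it uses the stock sc, certutil and cacls tools, and the backup path is an assumed placeholder.

```batch
@echo off
rem Added example: post-install checks and a first backup for the new CA.
rem BACKUP_DIR is an assumed placeholder; use an empty folder on a volume you protect.
setlocal
set BACKUP_DIR=E:\CABackup\initial
set CA_CERT=%TEMP%\newca.cer

rem 1. The Certificate Services service (certsvc) must be running.
sc query certsvc | find "RUNNING" >nul
if errorlevel 1 (
    echo [FAIL] certsvc is not running
    exit /b 1
)

rem 2. The CA must answer on its request interface.
certutil -ping
if errorlevel 1 (
    echo [FAIL] CA did not respond to certutil -ping
    exit /b 1
)

rem 3. Show the CA type recorded at install time (0 = enterprise root CA).
certutil -getreg CA\CAType

rem 4. Export the CA certificate and show the validity period chosen in the wizard.
certutil -f -ca.cert "%CA_CERT%" >nul
certutil -dump "%CA_CERT%" | findstr /C:"NotBefore" /C:"NotAfter"

rem 5. Create the backup folder and lock it down BEFORE any key material lands in it.
rem    cacls without /E replaces the ACL and asks for confirmation, hence "echo y".
if not exist "%BACKUP_DIR%" mkdir "%BACKUP_DIR%"
echo y| cacls "%BACKUP_DIR%" /T /G Administrators:F SYSTEM:F >nul

rem 6. Back up the CA certificate, private key and database.
rem    certutil prompts for a password to protect the exported key; it is
rem    deliberately not passed on the command line or stored in this script.
certutil -backup "%BACKUP_DIR%"
if errorlevel 1 (
    echo [FAIL] CA backup failed
    exit /b 1
)

echo [OK] CA is responding and a protected backup was written to %BACKUP_DIR%
endlocal
```

The backup folder now holds the CA's private key, so move it to offline or access-controlled storage and keep the password separate from it.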
HOW TO SET UP A VPN
Step 1: Setup requirements
Step 2: Implement DHCP services
Step 3: Create an enterprise certificate authority
Step 4: Install IAS
Step 5: Configure IAS
Step 6: Create a remote access policy
Step 7: Configure the VPN server
Step 8: Associate the VPN server with the DHCP server
Step 9: Configure your remote clients
Step 10: Test the client connection
Step 11: Alternate VPN configuration options
ABOUT THE AUTHOR
Brien M. Posey, MCSE, is a Microsoft MVP for his work with Windows 2000 Server, Exchange Server and IIS. He has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. For more information visit www.brienposey.com.