Sunday, 1 July 2012

Active Directory Certificate Services (AD CS) & Web Enrollment

In the previous post we saw "How to add a website in IIS7 Windows 2008", and we were able to access the website from a client machine over HTTP. To secure the communication between client and server we use HTTPS, i.e. HTTP Secure. The data transferred between client and server is encrypted before it is sent, and the server's certificate is what the client uses to set up that encrypted connection.

So let's see how to add a website in IIS7 Windows 2008 which uses HTTPS.

Prerequisite : Creating a website

Create a folder "website" on the C: drive
Open Notepad and paste the following code.

<html>
<body bgcolor="lightgreen">
<marquee behavior="alternate">
<h2>
Welcome to the home page of 
<font color="red">ciots.blogspot.com</font>
</h2>
</marquee>
</body>
</html>


Save the file in the website folder inside C: drive as "home.html"



Step 1 : Check that the IPv4 configuration is correct on the server


Step 2 :  Configure DNS

Note: This step is very important for the success of the practical.


Open DNS Window and uncheck IPv6
Start -> Administrative Tools -> DNS
Right Click on Server
Select Properties
Select only the following IP Address
Uncheck IPv6 entry
OK

Create a Reverse Lookup Zone
Right Click on Reverse Lookup Zone -> Click New Zone -> Next -> 


Keep Primary Zone Selected -> Next -> 
To all DNS servers in this domain : mcitp.com -> Next
IPv4 Reverse Lookup Zone -> Next
Enter the Network ID : 192.168.1 -> Next


Select Allow both nonsecure and secure dynamic updates -> Next -> Finish

Add an entry for www.mcitp.com
Expand Forward Lookup Zone
Select mcitp.com
Right Click in the white space
Select New Host (A or AAAA) ...


Set the details as shown in the image and click Add Host


Step 3 : Install Role ADCS and Web Server (IIS)

Go to Server Manager
Click on Roles Node
Click Add Roles (Right side middle of the screen) -> Next
Select Active Directory Certificate Services
Select Web Server (IIS) -> Add Required Features -> Next -> Next


Select Certification Authority Web Enrollment -> Add Required Role Services -> Next


Give Next -> Next (10 times) -> Install -> Close

Step 4 : Configuring IIS and Web Enrollment

Add Website
Start -> Administrative Tools -> Internet Information Services (IIS) Manager
Expand SERVER(MCITP\Administrator) Node
Right Click on Sites -> Add Web Site



Enter the details as follows.
Site name: test
Browse and set the website directory as Physical path
Select https as type
Select the IP Address : 192.168.1.10
Select SSL certificate : server.mcitp.com
(If you cannot see the above option, then do a log off and log in again)
Ok


Enable Directory Browsing
Expand Sites Node
Select test
Double Click on Directory Browsing




Click Enable (on the extreme right of the screen)

Delete Default Documents and make entry for home.html
Click on test node
Double Click on Default Documents


Delete all the documents
Right Click -> Add
Write : home.html
OK


SSL Settings
Click on test
Double Click on SSL settings


Check Require SSL
Select Require
Click Apply



Stop test web site
Select test and click on Stop

Step 5 : Install Certificate on client machine

Start the client machine (this machine is already in network with the server but not in domain)
Go to internet explorer and type URL http://mcitp.com/certsrv
Provide server Administrator credentials -> Ok


Click on Request a certificate


Click User Certificate
Click Submit Button -> Yes
Click Install this certificate
Yes-> Yes

Step 6 : Start test web site

Now come back to the IIS Manager on Server
Select Default Web Site and Stop it
Select test web site and Start it

Step 7 : Access the HTTPS website from client

Again go to the client browser and type https://mcitp.com
Yes -> Yes -> Ok ->
And the website is in front of you.
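
An added example, not part of the original post: Step 4 binds the certificate named server.mcitp.com while Step 7 browses to https://mcitp.com, so this Python check shows which host names a certificate covers and how to validate the live site against the CA certificate. The sample certificate contents (a subject CN only, no subjectAltName) and the CA file path passed to check_site are assumptions.

```python
import socket
import ssl

def cert_names(cert):
    """DNS names a certificate covers: subjectAltName entries, else the subject CN
    (legacy fallback; current browsers only look at subjectAltName)."""
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v.lower() for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def name_matches(hostname, pattern):
    """Exact match, or a wildcard that replaces the whole left-most label only."""
    host, pat = hostname.lower().rstrip("."), pattern.lower().rstrip(".")
    if host == pat:
        return True
    if pat.startswith("*."):
        head, _, rest = host.partition(".")
        return bool(head) and rest == pat[2:]
    return False

def covered(hostname, cert):
    """True if any name in the certificate matches the host name the client typed."""
    return any(name_matches(hostname, name) for name in cert_names(cert))

def check_site(hostname, ca_file, port=443, timeout=5):
    """Live check: validate the chain against ca_file (assumed to be the CA
    certificate exported from the server) and the name against hostname."""
    ctx = ssl.create_default_context(cafile=ca_file)
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
                return True, tls.version()
    except ssl.SSLCertVerificationError as exc:
        return False, exc.verify_message

# Constructed sample in the dict shape returned by SSLSocket.getpeercert();
# assumes the certificate from Step 4 carries only the CN server.mcitp.com.
SAMPLE_CERT = {"subject": ((("commonName", "server.mcitp.com"),),)}

if __name__ == "__main__":
    for host in ("server.mcitp.com", "mcitp.com", "www.mcitp.com"):
        print(host, "covered" if covered(host, SAMPLE_CERT) else "NOT covered")
```

check_site needs network access to the lab server, so only the offline name check runs when the file is executed directly.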
