
Installation and configuration of ADCS

By Julien GROSSIN. Published on 06/10/2019 at 15:27:30.
Approved by the review committee

Introduction - What is ADCS?

Active Directory Certificate Services (AD CS) is a Windows Server role, linked to Active Directory, that is used to create and manage digital certificates within a company's information system.

ADCS includes 6 role services: Certification Authority, Certificate Enrollment Policy Web Service, Certificate Enrollment Web Service, Certification Authority Web Enrollment, Network Device Enrollment Service, and Online Responder.

In this article we will focus on the Certification Authority and Certification Authority Web Enrollment components.

Why use certificates

Certificates allow servers to trust connected desktops, allow customers to shop securely online, and secure conversations by encrypting them.

Certificate Authority and PKI

The certificate authority (CA) is responsible for issuing digital certificates for authentication.

Data encryption relies on private keys and public keys.

The certificate authority is able to establish the relationship between a private key and the public key that corresponds to it.

Trust between the user and the certificate

The user, the client or the workstation must trust the origin of the certificate, that is, the authority that issued it.

A trustworthy certificate is one that has been approved and validated by a trusted certification authority.

If a visitor opens a site that presents an untrusted certificate, they will see a warning message asking whether they really want to continue to the website.

Prerequisites for installing the ADCS

ADCS requires a few installations and configurations beforehand:

  • A server running Windows Server 2016

  • A forest with a configured domain. In our case it will be "exemple.com".

It is also advisable to be familiar with the Windows Server environment and with Active Directory.

More information is available at the following links:

  • https://social.technet.microsoft.com/

  • https://www.microsoft.com/en-us/cloud-platform/windows-server

  • https://www.lynda.com/Windows-Server-tutorials/Windows-Server-2016-Install-Configure-Active-Directory/520536-2.html

Installation and configuration

To start the installation, go to the "Server Manager"

In the "Manage" tab select "Add Roles and Features"

Click on "Next"

Click on "Next"

Select the server where you want to install the ADCS and click on "Next"

Select "Active Directory Certificate Services" then "Next"

Click on "Next"

Click on "Next"

Select Services: "Certification Authority" and "Certification Authority Web Enrollment" then "Next"

For the "Certification Authority Web Enrollment" service, the Web Server Role (IIS) is required. Click on "Next".

Click on "Next"

Confirm the installation by clicking on "Install"

Once the installation is complete, you must configure the "Active Directory Certificate Services" role.

Select "Configure Active Directory Certificate Services"

In the "Credentials" section enter the user in charge of the administration of the service. Then "Next".

Select Services: "Certification Authority" and "Certification Authority Web Enrollment" then "Next"

Select "Enterprise CA", then "Next"

Select "Root CA" then "Next"

Select "Create a new private key" (this will generate a new private key), then "Next".

Select an encryption provider, the length of the key, and the algorithm that will be used to sign certificates issued by the Certificate Authority. Then "Next".

Here you can specify the name of your CA (Certificate Authority). Then "Next".

Here you will be able to choose the period of validity of the certificates generated by the CA.

Specify the path for the certificate database. Then "Next"

Click on "Configure" to start the configuration of the ADCS with the parameters entered previously.

The installation and configuration of both services is complete.
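The same installation and configuration can be scripted, which makes the cryptographic choices explicit and repeatable. This is an added example, not part of the original article; the CA name `exemple-ROOT-CA`, the 4096-bit key, SHA256 and the 5-year validity are assumed values, and the database path is the Windows default.

```powershell
# Added example: scripted equivalent of the wizard steps above.
# Run in an elevated session on the future CA with an Enterprise Admins account.
$ErrorActionPreference = 'Stop'

# Prerequisite from the article: an Enterprise CA needs a domain-joined server.
if (-not (Get-CimInstance Win32_ComputerSystem).PartOfDomain) {
    throw 'This server is not joined to a domain; an Enterprise CA cannot be installed.'
}

# Role services selected in the wizard. IIS is added as a dependency of Web Enrollment.
Install-WindowsFeature -Name ADCS-Cert-Authority, ADCS-Web-Enrollment -IncludeManagementTools

# CA configuration pages: Enterprise CA, Root CA, new private key, cryptography,
# CA name, validity period, database location.
$caName = 'exemple-ROOT-CA'                      # assumed CA name
$caParams = @{
    CAType              = 'EnterpriseRootCA'
    CryptoProviderName  = 'RSA#Microsoft Software Key Storage Provider'
    KeyLength           = 4096                   # assumed choice
    HashAlgorithmName   = 'SHA256'               # assumed choice; avoid SHA1
    CACommonName        = $caName
    ValidityPeriod      = 'Years'
    ValidityPeriodUnits = 5                      # assumed choice
    DatabaseDirectory   = "$env:SystemRoot\System32\CertLog"
    LogDirectory        = "$env:SystemRoot\System32\CertLog"
}
Install-AdcsCertificationAuthority @caParams -Force   # a new key is generated by default
Install-AdcsWebEnrollment -Force

# Post-install checks: service state, then key size and signature hash of the CA certificate.
$svc = Get-Service -Name CertSvc
if ($svc.Status -ne 'Running') { throw "CertSvc is $($svc.Status)" }

$caCert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "CN=$caName*" } |
    Sort-Object NotBefore -Descending | Select-Object -First 1
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($caCert)
[pscustomobject]@{
    Subject   = $caCert.Subject
    KeyBits   = $rsa.KeySize
    Signature = $caCert.SignatureAlgorithm.FriendlyName
    NotAfter  = $caCert.NotAfter
}
```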

Using the "Certification Authority Web Enrollment Service"

We will now see how to create a certificate for a website through the "Web Enrollment" tool.

First, open Internet Information Services (IIS) Manager on the machine hosting your website.

Then select "Create Certificate Request" to request the certificate

Fill in the information linked to your site and your company.

Select an encryption provider and the "Bit Length".

Save the generated text file.

In your browser, log in to the certsrv site hosted on your ADCS server. You will be asked for the "username" and "password" of the ADCS management account.

Select "Request a certificate"

Select "Submit an advanced certificate request"

Select "Submit a certificate request ..." (the second option)

Paste the entire previously generated text file, then select the "Web Server" template and finally click "Submit".

Download the certificate by clicking on "Download certificate"

Go back to IIS Manager on the server hosting the future website. Select "Complete Certificate Request".

Enter the path to the certificate and a name for it.

Click on "Edit Bindings"

Select the SSL certificate added in the previous step from the drop-down list.

A restart of the web server may be required for the configuration to be taken into account.
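Before completing the request and binding the certificate, it is worth checking the downloaded file against what a client will verify: trust chain, Server Authentication usage, host name in the subjectAltName extension, key size and signature hash. This is an added example, not part of the original article; the function name `Test-WebServerCertificate`, the file name `certnew.cer` and the host name `www.exemple.com` are assumptions.

```powershell
# Added example: inspect the downloaded certificate before "Complete Certificate Request".
function Test-WebServerCertificate {
    param(
        [Parameter(Mandatory)] [string] $Path,      # .cer file downloaded from certsrv
        [Parameter(Mandatory)] [string] $HostName   # name clients will use to reach the site
    )
    $x509 = 'System.Security.Cryptography.X509Certificates'
    $cert = New-Object "$x509.X509Certificate2" -ArgumentList (Resolve-Path $Path).Path
    $findings = New-Object System.Collections.Generic.List[string]

    # 1. The chain must build to a root this machine trusts, with revocation reachable.
    $chain = New-Object "$x509.X509Chain"
    $chain.ChainPolicy.RevocationMode = 'Online'
    if (-not $chain.Build($cert)) {
        $chain.ChainStatus | ForEach-Object { $findings.Add("Chain: $($_.Status)") }
    }

    # 2. Enhanced Key Usage (2.5.29.37) must include Server Authentication.
    $eku = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
    $usages = if ($eku) { $eku.EnhancedKeyUsages | ForEach-Object { $_.Value } } else { @() }
    if ($usages -notcontains '1.3.6.1.5.5.7.3.1') {
        $findings.Add('EKU: Server Authentication is missing')
    }

    # 3. Browsers match the host name against subjectAltName (2.5.29.17), not the CN.
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if (-not $san) {
        $findings.Add('SAN: extension absent')
    } else {
        # Format() returns "label=value, ..." pairs; only the value part is compared.
        $names = $san.Format($false) -split ',\s*' | ForEach-Object { ($_ -split '=', 2)[1] }
        if ($names -notcontains $HostName) { $findings.Add("SAN: $HostName not listed") }
    }

    # 4. Key size, signature hash and expiry.
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
    if ($rsa -and $rsa.KeySize -lt 2048) { $findings.Add("Key: RSA $($rsa.KeySize) bits") }
    if ($cert.SignatureAlgorithm.FriendlyName -match 'sha1|md5') {
        $findings.Add("Signature: $($cert.SignatureAlgorithm.FriendlyName)")
    }
    if ($cert.NotAfter -lt (Get-Date)) { $findings.Add("Validity: expired $($cert.NotAfter)") }
    $findings   # empty output means no issue was found
}

# certnew.cer and the host name are assumed sample values.
Test-WebServerCertificate -Path .\certnew.cer -HostName 'www.exemple.com'
```

The host name comparison is an exact match, so a wildcard entry in the certificate is reported as not listed and has to be reviewed by hand.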

Conclusion

In this article, we saw what the ADCS is, how to set up two of its services, and how to use the Certification Authority Web Enrollment service to generate a certificate.

Once configured to your needs, the Certificate Authority allows you to manage your certificates through the various tools at your disposal. Today, the use of certificates is unavoidable in order to secure your data.
