Thursday, January 8, 2015

Create a Certificate Template from Internal CA

We plan to set up ADFS for our test environment, and we are required to get a certificate before configuring ADFS. For lab purposes, we are going to use an internal CA. Here are the steps that we took.

[Install CA roles]

Use Server Manager and Tick AD Certificate Services

  • Certificate Authority
  • Certificate Authority Web Enrollment

[Create a Certificate Template]

1. Open MMC

2. Add Certificate Template | Duplicate Web Server Certificate Template

3. Modify the certificate templates

Compatibility – Maintain 2003

Request Handling – Tick Allow private key to be exported. Make sure you tick this, as we need to export the certificate and import it into the other ADFS servers.

Cryptography – Minimum key size - 2048

Security – Add Authenticated Users / Domain Users and set Enroll permission

Subject name – Supply in the request. (This option allows the certificate template to be visible when requesting from a web browser.)

General – Change your Certificate Template name

[Publish Certificate Template]

1. Open Certificate Authority snap-in

2. Right click Certificate Template | New | Certificate Template to issue

3. Select the certificate template that you’ve created earlier
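
Once the template is published, its settings can be read back from Active Directory to confirm they match the tabs above and to see exactly who holds Enroll, since every principal listed can request a certificate with a subject name of its own choosing and an exportable key. This PowerShell check is an added example, not part of the original post; it assumes the ActiveDirectory module (RSAT) is installed, and the template name is a placeholder because the post does not give one.

```powershell
# Added example: read one certificate template's settings back from AD.
Import-Module ActiveDirectory   # assumption: RSAT ActiveDirectory module is installed

$TemplateName = 'REPLACE-WITH-TEMPLATE-NAME'   # placeholder; the post gives no name

# Flag bits defined in the MS-CRTD specification
$SuppliesSubject = 0x1    # CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT in msPKI-Certificate-Name-Flag
$ExportableKey   = 0x10   # CT_FLAG_EXPORTABLE_KEY in msPKI-Private-Key-Flag
$ExtendedRight   = 0x100  # ActiveDirectoryRights.ExtendedRight
# Extended right Certificate-Enrollment, shown as "Enroll" on the Security tab
$EnrollRight     = [guid]'0e10c968-78fb-11d2-90d4-00c04f79dc55'

$props = 'msPKI-Certificate-Name-Flag', 'msPKI-Private-Key-Flag',
         'msPKI-Minimal-Key-Size', 'pKIExtendedKeyUsage', 'nTSecurityDescriptor'
$base  = 'CN=Certificate Templates,CN=Public Key Services,CN=Services,' +
         (Get-ADRootDSE).configurationNamingContext

# Match either the template name (cn) or the template display name
$tpl = Get-ADObject -SearchBase $base -Properties $props `
    -LDAPFilter "(|(cn=$TemplateName)(displayName=$TemplateName))"
if (-not $tpl) { throw "Template '$TemplateName' not found under $base" }

# Allow ACEs that grant Enroll, either explicitly or through all extended rights
$enrollers = $tpl.nTSecurityDescriptor.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    (([int]$_.ActiveDirectoryRights -band $ExtendedRight) -ne 0) -and
    ($_.ObjectType -eq $EnrollRight -or $_.ObjectType -eq [guid]::Empty)
} | ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique

[pscustomobject]@{
    Template             = $tpl.Name
    SubjectFromRequest   = [bool]($tpl.'msPKI-Certificate-Name-Flag' -band $SuppliesSubject)
    PrivateKeyExportable = [bool]($tpl.'msPKI-Private-Key-Flag' -band $ExportableKey)
    MinimumKeySize       = $tpl.'msPKI-Minimal-Key-Size'
    ExtendedKeyUsage     = $tpl.pKIExtendedKeyUsage -join ', '
    PrincipalsWithEnroll = $enrollers -join '; '
} | Format-List
```

For the template built above, the output should show a requester-supplied subject, an exportable key, a minimum key size of 2048, and Authenticated Users or Domain Users among the principals with Enroll.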

[Verify and request certificate]

1. Use browser and go to https://localhost/certsrv

2. Request a certificate | Advanced Certificate Request | Create and submit request to this CA

We can now select the certificate template that we created. Let's request a certificate with the common name fs.ms4u.local and a 2048 key size, and mark the key as exportable.

Install the certificate, export it using the Certificate snap-in, and install it on each ADFS server and Web Proxy server.

That’s all for today; we have successfully created our own certificate template from the internal CA. Next, we will set up the ADFS farm and Web Proxy.