
Create a Root CA on Windows Server 2008 R2 core edition Part 1

This guide explains how to install and configure an offline Root Certificate Authority on Windows Server 2008 R2 core edition.

This guide is split into three separate parts.

The main reason to configure the Root CA on a core edition is to reduce the attack surface. The attack surface should be as small as possible to prevent hackers from stealing the private key of the root certificate. For the same reason, the Root CA will be shut down and disconnected from the network most of the time. More about security hardening on a Root CA in a later article.

Prerequisites

The following must be available before using this guide:

  • A dedicated physical or virtual machine;
  • Root access to the server (ILO, VMware, vSphere console);
  • Windows Server 2008 R2 core edition already installed;
  • Hostname and network settings already configured;
  • Very complex password set for the administrator account;
  • Firewall must be on with no exceptions;
  • Access to Windows update, WSUS, SCCM or other patching mechanism.

Installation steps

Step 1: Install all updates (securing the server)

1. Open up the command prompt on the Root CA server.

2. Run the following command to open up the server configuration: sconfig

3. Press "6" to download and install Windows Updates.

4. Press "A" to search for all available updates.

5. Press "A" to select all updates.

6. Click Yes to restart the server.
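
After the restart, the firewall prerequisite and the result of the update run can be checked from the same command prompt. The batch file below is an added example, not part of the original guide; it assumes an English-language installation (it parses the words "State" and "ON" from the netsh output) and uses only built-in tools (netsh, reg, wmic).

```bat
@echo off
rem Added example (not from the original guide): post-update check for the
rem Root CA host, run from cmd.exe on Server Core after the restart in step 6.
rem Assumption: English-language install (parses the words "State" and "ON").
setlocal
set FAIL=0

rem --- Prerequisite: firewall on. Expect "State ON" for Domain, Private, Public.
set FW_ON=0
for /f "tokens=1,2" %%a in ('netsh advfirewall show allprofiles state ^| findstr /b /i "State"') do (
    if /i "%%b"=="ON" set /a FW_ON+=1
)
if %FW_ON%==3 (
    echo [ OK ] Firewall is ON for all three profiles
) else (
    echo [FAIL] Firewall is ON for only %FW_ON% of 3 profiles
    set FAIL=1
)

rem --- Inbound/outbound policy per profile, printed for manual review
rem     against the "no exceptions" prerequisite.
netsh advfirewall show allprofiles firewallpolicy | findstr /i "Profile Policy"

rem --- Step 6: if the RebootRequired key still exists, the restart that
rem     finishes the update installation has not happened yet.
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired" >nul 2>&1
if not errorlevel 1 (
    echo [FAIL] A Windows Update restart is still pending
    set FAIL=1
) else (
    echo [ OK ] No Windows Update restart pending
)

rem --- Installed updates with install dates, for the build record of the CA.
wmic qfe get HotFixID,InstalledOn

if %FAIL%==1 (
    echo Result: NOT ready for the next part
) else (
    echo Result: checks passed
)
exit /b %FAIL%
```

The script exits with code 1 if any check fails. Running option 6 in sconfig once more after the restart shows whether further updates have become available.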


This is the end of part 1. Next part we are going to encrypt the drive of the Root CA with BitLocker.
