Posts tagged Core
Create a Root CA on Windows Server 2008 R2 core edition Part 1
This guide explains how to install and configure an offline Root Certificate Authority on Windows Server 2008 R2 core edition.
This guide is split into three separate parts:
- Part 1: Introduction and pre-installation tasks
- Part 2: Encrypting the drive of the Root CA using BitLocker
- Part 3: Installing Active Directory Certificate Services on the Root CA
The main reason to configure the Root CA on a core edition is to reduce the attack surface. The attack surface should be as small as possible to prevent hackers from stealing the private key of the root certificate. For the same reason, the Root CA will be shut down and disconnected from the network most of the time. More about security hardening on a Root CA will follow in a later article.
Prerequisites
The following must be available before using this guide:
- A dedicated physical or virtual machine;
- Root access to the server (ILO, VMware, vSphere console);
- Windows Server 2008 R2 core edition already installed;
- Hostname and network settings already configured;
- Very complex password set for the administrator account;
- Firewall must be on with no exceptions;
- Access to Windows update, WSUS, SCCM or other patching mechanism.
Installation steps
Create a Root CA on Windows Server 2008 R2 core edition Part 3
This is the third part (Part 1, Part 2) of the how-to guide on installing and configuring an offline Root Certificate Authority on Windows Server 2008 R2 core edition.
In this part we are going to install and configure Active Directory Certificate Services (ADCS) on the Root CA. We are also going to back up the root certificate with its private key to external storage and encrypt this drive with BitLocker To Go.
Prerequisites
The following must be available before using this guide:
- Part 1 and Part 2 of the installation guide must be completed;
- Root access to the Root CA server (ILO, VMware, vSphere console);
- SetupCA.vbs must be downloaded (click here) and stored on the Root CA (C:\Temp);
- One or two USB drives (dedicated for the backup of the root certificate and private key).
Installation steps
Create a Root CA on Windows Server 2008 R2 core edition Part 2
This is the second part (Part 1) of the how-to guide on installing and configuring an offline Root Certificate Authority on Windows Server 2008 R2 core edition.
In this part we are going to encrypt the OS drive with BitLocker. With the drive encrypted, it will be almost impossible to steal the private key of the root certificate. In this guide we use a virtual machine on VMware (Hyper-V or XenServer are also supported). Because our virtual machine does not have a TPM (Trusted Platform Module), we use a virtual floppy, which will be needed every time the server is powered on.
This guide can also be used on all Windows Server 2008 R2 core servers.
Prerequisites
The following must be available before using this guide:
- Root access to the server (ILO, VMware, vSphere console);
- Windows Server 2008 R2 core edition already installed;
- A server with Windows Server 2008 R2 full and the BitLocker feature installed.
Installation steps



