Setup Home Lab SSL Certificate Authority

August 4, 2014 By Eric Shanks

If you would like to set up SSL certificates for your home lab, this guide should get you to a minimal installation.  The goal of this post is to show you a basic way to set up certificates; it should not be followed verbatim if you are planning a production deployment.  For one thing, this post uses an Enterprise Root Certificate Authority, and in a production environment you really should have an offline Root CA and an online Subordinate CA for security purposes.

With all that being understood, let's begin.

 

Prerequisites

  • Active Directory Domain already set up and configured

Install Active Directory Certificate Services

This post uses Server 2012 R2 for the certificate server, but similar steps could be used with other operating systems.

We use Server Manager to install the Active Directory Certificate Services and their associated features.  Some screenshots below show exactly what we’re selecting.  Any other screens during the install should use the defaults.

[Screenshots: CA-Install1, CA-Install2]

 

Configure the Certificate Authority

Once the Roles and Services have been installed, the Server Manager should show a warning that configurations are now required.

[Screenshot: CA-Install3]

 

When you click on the hyperlink, the configuration wizard will start.  I’ve included screenshots again with the tabs that need to be configured.  All other screens can use the defaults.

[Screenshot: CA-Install4]

I’ve selected an Enterprise CA and a Root CA type.  Again, for a production environment, this is probably not the same configuration that you should use.  For more information about setting up a full-blown CA, please check out Derek Seaman’s blog, derekseaman.com (clever blog name).  He has tons of articles about SSL that can be very useful when setting up this stuff.

[Screenshots: CA-Install5, CA-Install6]
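
The same install and configuration can be scripted in PowerShell. This is an added example, not part of the original post. Because the screenshots are not recoverable, it assumes only the Certification Authority role service is selected, and the CA common name, key length, hash algorithm and validity period shown are assumed lab values.

```powershell
# Added example: scripted equivalent of the wizard steps above, for a lab only.
# Run elevated, as a member of Enterprise Admins, on the future CA server.
#Requires -RunAsAdministrator

# Prerequisite from the post: an Enterprise CA needs an Active Directory domain.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    throw 'Server is not domain-joined; an Enterprise CA requires Active Directory.'
}

# Install the role. Assumption: only the Certification Authority role service
# is needed (no Web Enrollment, OCSP responder, etc.).
$feature = Install-WindowsFeature -Name ADCS-Cert-Authority -IncludeManagementTools
if (-not $feature.Success) {
    throw 'ADCS-Cert-Authority failed to install.'
}

# Configure the CA as Enterprise + Root, the two choices the post makes.
# Everything else below is an assumed value, not taken from the post.
$caParams = @{
    CAType              = 'EnterpriseRootCA'
    CACommonName        = 'HomeLab-Root-CA'   # hypothetical name
    CryptoProviderName  = 'RSA#Microsoft Software Key Storage Provider'
    KeyLength           = 2048                # assumed
    HashAlgorithmName   = 'SHA256'            # assumed; avoids SHA-1 signatures
    ValidityPeriod      = 'Years'
    ValidityPeriodUnits = 5                   # assumed
    Force               = $true               # suppress the confirmation prompt
}
Install-AdcsCertificationAuthority @caParams

# Verify: the service is running, the CA answers, and the signing hash
# is the one requested above.
Get-Service -Name CertSvc | Select-Object Name, Status
certutil -ping
certutil -getreg CA\CSP\CNGHashAlgorithm
```

After it completes, certutil -ping should report that the CA interface is alive, and CNGHashAlgorithm should read back the hash algorithm passed to Install-AdcsCertificationAuthority.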

Summary

This should take care of the initial install and configuration of the SSL Services.  Look for part two where we configure the Root Certificates and set them up for auto enrollment.