If you would like to setup SSL certificates for your home lab, this guide should get you to a minimal installation. The goal of this post is to show you a basic way to setup certificates and should not be followed verbatim if you are planning a production deployment. For one thing, this post uses an Enterprise Root Certificate Authority and in a production environment you really should have an offline Root CA and an online Subordinate CA for security purposes.
With all that being understood, lets begin.
- Active Directory Domain already setup and configured
Install Active Directory Certificate Services
This post uses Server 2012 R2 for the certificate server, but similar steps could be used with other Operating Systems.
We use Server Manager to install the Active Directory Certificate Services and their associated features. Some screenshots below show exactly what we’re selecting. Any other screens during the install should use the defaults.
Configure the Certificate Authority
Once the Roles and Services have been installed, the Server Manager should show a warning that configurations are now required.
When you click on the hyperlink, the configuration wizard will start. I’ve included screenshots again with the tabs that need to be configured. All other screens can use the defaults.
I’ve selected an Enterprise CA and a Root CA type. Again, for a production environment, this is probably not the same configuration that you should use. For more information about setting up a full blown CA please check out Derek Seamen’s blog, derekseaman.com (clever blog name). He has tons of articles about SSL can be very useful when setting up this stuff.
This should take care of the initial install and configuration of the SSL Services. Look for part two where we configure the Root Certificates and set them up for auto enrollment.