How to Configure Microsoft Certificate Authority
Hi all,
Today we will discuss how to configure Microsoft Certificate Authority for a Horizon View environment. As I said in my introduction post, an SSL certificate is very important for a Horizon View environment; you can use an internal certificate authority or you can purchase an external SSL certificate. Horizon View comes with self-signed certificates that are fine for a proof of concept or a small-scale pilot, but for a production environment you need to have proper certificates.
“SSL is used to create an encrypted connection between a web server and the web browser from which you view the web pages”
Horizon View 7.5 blog series: “Horizon View 7.5”
Previous blog post: “Setting up Microsoft ADDS, DNS and DHCP“
Let’s discuss how to configure..
I have deployed Microsoft Certificate Authority in my environment. Normally Windows engineers will configure CA servers in a production environment. When I tried to configure a CA server for the first time it was quite difficult, but I had multiple discussions and read blogs to create a CA server for my Horizon View environment.
So we will discuss how I deployed the CA server step by step. This blog post has a large number of screenshots, so this page will be a little big 🙂
Let’s start..
I deployed a new individual VM for the CA server with Windows 2012 R2, 2 vCPU and 2 GB RAM.
The screenshot below shows the server name, IP and domain. Before proceeding with the AD CS role installation, make sure the target server is joined to the domain.
Open “Add Roles and Features Wizard”
From Server Roles select “Active Directory Certificate Services” and click “Next” to continue:-
In Role Services I have selected,
- Certificate Authority
- Certificate Enrollment Policy Web Service
- Certificate Enrollment Web Service
- Certification Authority Web Enrollment
Click “Next” to continue:-
In Web Server Role (IIS), Click Next..
In IIS role service, select default configuration and click “Next” to continue..
Select “Restart the destination server automatically if required” option and click “Install” button..
Once the installation has completed, select the “Configure Active Directory Certificate Services on the destination server” option from the same wizard.
Once the AD CS configuration wizard opens, make sure you provide an Administrator user in the credentials field.
Click “Next” to continue:-
In Role Services, select the required services. Right now I am selecting only three services; one service will be installed later.
- Certificate Authority
- Certificate Enrollment Policy Web Service
- Certification Authority Web Enrollment
Click “Next” to continue:-
Specify the setup type of the CA. There are two setup types available: Enterprise CA and Standard CA. I am going with the Enterprise CA setup.
Click “Next” to Continue:-
Select the CA type. Again there are two CA types: Root CA and Subordinate CA. I am going with the Root CA type.
Click “Next” to Continue:-
For the private key selection, select the “Create a new private key” option.
Click “Next” to Continue:-
In the Cryptography tab, select:
- Cryptography provider: RSA#Microsoft Software Key Storage Provider
- Key length: 2048
- Hash algorithm: SHA1
You can modify the cryptography configuration according to your security standards. Click “Next” to Continue:-
Specify CA name, provided “vgyan-CA” as common name. Click “Next” to Continue:-
Validity period, selected as 5 years.
Click “Next” to Continue:-
Certificate Database, Selected default location..
Click “Next” to Continue:-
Authentication type, selected “Windows Integrated authentication”
Click “Next” to Continue:-
In the authentication certificate tab, select “Choose and assign a certificate for SSL later”.
Click “Next” to Continue:-
Verify all configuration parameters, and click on “Configure” button.
Close AD CS configuration wizard.
For additional AD DS Configuration, Select “Yes”.
Specify Administrator credentials and click “Next” to continue:-
Select “Certificate Enrollment Web Service” and click Next to continue:-
Specify CA for Certificate Enrollment Web Services, Select “CA name” and click Next to continue.
Select “Windows integrated authentication” as authentication type, click “Next” to continue.
Select “Use the built-in application pool identity” for the service account and click “Next” to continue.
Specify an existing certificate for SSL encryption and click “Next” to continue.
Verify all configuration parameters and click on Configure button.
Once the configuration has completed, close the AD CS configuration wizard.
The Active Directory Certificate Services role is now installed on the target server; close the Add Roles and Features wizard.
Open Certificate Authority and verify Certificate Templates are available for use.
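The wizard choices above can also be scripted and then checked. The following PowerShell is an added example, not part of the original walkthrough: it covers only the role installation, the Enterprise Root CA configuration and Web Enrollment, and it assumes an elevated session on the domain-joined CA server under an Enterprise Admin account. It departs from the screenshots in one place, using SHA256 instead of SHA1 as the hash algorithm, because SHA-1 certificate signatures are deprecated.

```powershell
# Added example: scripted equivalent of the wizard choices in this post.
$CaName        = 'vgyan-CA'   # common name used in the post
$KeyLength     = 2048         # key length used in the post
$ValidityYears = 5            # validity period used in the post
$HashAlgorithm = 'SHA256'     # assumption: the post selects SHA1; SHA256 is used here instead

# Role services selected in "Add Roles and Features"
Install-WindowsFeature -Name ADCS-Cert-Authority, ADCS-Enroll-Web-Pol,
    ADCS-Enroll-Web-Svc, ADCS-Web-Enrollment -IncludeManagementTools

# Enterprise Root CA with a new private key (default database location)
Install-AdcsCertificationAuthority -CAType EnterpriseRootCA `
    -CryptoProviderName 'RSA#Microsoft Software Key Storage Provider' `
    -KeyLength $KeyLength `
    -HashAlgorithmName $HashAlgorithm `
    -CACommonName $CaName `
    -ValidityPeriod Years -ValidityPeriodUnits $ValidityYears `
    -Force

# Certification Authority Web Enrollment role service
Install-AdcsWebEnrollment -Force

# Post-install check: read the CA certificate back and compare it with the
# values requested above, so a wrong wizard/script choice is caught early.
$caCert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "CN=$CaName*" } |
    Sort-Object NotBefore -Descending |
    Select-Object -First 1
if (-not $caCert) { throw "CA certificate for '$CaName' not found in LocalMachine\My" }

$report = [pscustomobject]@{
    Subject            = $caCert.Subject
    KeyBits            = $caCert.PublicKey.Key.KeySize
    SignatureAlgorithm = $caCert.SignatureAlgorithm.FriendlyName   # e.g. sha256RSA
    NotAfter           = $caCert.NotAfter
}
$report | Format-List

if ($report.KeyBits -lt $KeyLength) {
    throw "CA key is $($report.KeyBits) bits, expected at least $KeyLength"
}
if ($report.SignatureAlgorithm -notmatch $HashAlgorithm) {
    throw "CA certificate is signed with $($report.SignatureAlgorithm), expected $HashAlgorithm"
}

# Same check as the last wizard step: list the templates this CA can issue
certutil -CATemplates
```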
So we have configured AD CS for the Horizon View environment. We will discuss certificate enrollment in an upcoming blog post.
That’s all, guys. We will discuss more on Horizon View 7.5 in upcoming posts: Horizon View components installation and configuration, various desktop pool creations, application publishing, etc. Stay tuned.
Next blog post will be “Setting up SQL DB for View Composer & Event DB”
I hope you enjoyed reading this post. Feel free to share this to others if it is worth sharing!!!