Requesting a Certificate from a Windows Server 2003 CA Server - HPE FlexNetwork 7500 Series Security Configuration Manual

Requesting a certificate from a Windows Server 2003 CA server
Network requirements
Configure the PKI entity (the device) to request a local certificate from a Windows Server 2003 CA server.
Figure 85 Network diagram (figure not reproduced; labels: Host, PKI entity, Device, Internet, CA server)
Configuring the Windows Server 2003 CA server
1. Install the certificate service component:
   a. Select Control Panel > Add or Remove Programs from the start menu.
   b. Select Add/Remove Windows Components > Certificate Services.
   c. Click Next to begin the installation.
   d. Set the CA name. In this example, set the CA name to myca.
2. Install the SCEP add-on:
   By default, Windows Server 2003 does not support SCEP. You must install the SCEP add-on on the server for a PKI entity to register and obtain a certificate from the server. After the SCEP add-on installation is complete, you will see a URL. Specify this URL as the certificate request URL on the device.
3. Modify the certificate service attributes:
   a. Select Control Panel > Administrative Tools > Certificate Authority from the start menu.
      If the certificate service component and SCEP add-on have been installed successfully, there should be two certificates issued by the CA to the RA.
   b. Right-click the CA server in the navigation tree and select Properties > Policy Module.
   c. Click Properties, and then select "Follow the settings in the certificate template, if applicable. Otherwise, automatically issue the certificate."
4. Modify the Internet information services attributes:
   a. Select Control Panel > Administrative Tools > Internet Information Services (IIS) Manager from the start menu.
   b. Select Web Sites from the navigation tree.
   c. Right-click Default Web Site and select Properties > Home Directory.
   d. Specify the path for certificate service in the Local path box.
   e. Specify a unique TCP port number for the default website to avoid conflict with existing services. In this example, port 8080 is used.
Configuring the device
1. Synchronize the device's system time with the CA server for the device to correctly request certificates. (Details not shown.)
2. Create an entity named aaa and set the common name to test.
   <Device> system-view
   [Device] pki entity aaa
   [Device-pki-entity-aaa] common-name test
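Why the time synchronization in step 1 matters, as an added example that is not part of the HPE manual: a certificate is acceptable only while the checking device's clock lies inside its notBefore/notAfter validity period, so a device whose clock is behind the CA sees a freshly issued certificate as not yet valid. The validity strings and clock values below are constructed, and the function names are hypothetical.

```python
from datetime import datetime, timedelta, timezone

# Constructed validity period of a certificate issued at 2024-03-01 12:00:00 UTC.
NOT_BEFORE = "240301120000Z"   # UTCTime, as encoded in most certificates
NOT_AFTER = "250301120000Z"


def parse_x509_time(value):
    """Parse UTCTime (YYMMDDHHMMSSZ) or GeneralizedTime (YYYYMMDDHHMMSSZ)."""
    if not value.endswith("Z"):
        raise ValueError("validity times must be UTC and end in 'Z'")
    digits = value[:-1]
    if len(digits) == 12:
        # RFC 5280: a two-digit year >= 50 means 19YY, otherwise 20YY.
        digits = ("19" if int(digits[:2]) >= 50 else "20") + digits
    elif len(digits) != 14:
        raise ValueError("unexpected time value: %r" % value)
    return datetime.strptime(digits, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)


def validity_status(device_now, not_before, not_after):
    """Judge the certificate by the device's own clock; return (status, margin)."""
    start, end = parse_x509_time(not_before), parse_x509_time(not_after)
    if end <= start:
        raise ValueError("notAfter must be later than notBefore")
    if device_now < start:
        return "not-yet-valid", start - device_now
    if device_now > end:
        return "expired", device_now - end
    return "valid", min(device_now - start, end - device_now)


if __name__ == "__main__":
    issued = parse_x509_time(NOT_BEFORE)
    clocks = {
        "synchronized (30 s after issue)": issued + timedelta(seconds=30),
        "10 minutes behind the CA": issued - timedelta(minutes=10),
        "reset to a default date": datetime(2013, 1, 1, tzinfo=timezone.utc),
        "2 years ahead of the CA": issued + timedelta(days=730),
    }
    for label, now in clocks.items():
        status, margin = validity_status(now, NOT_BEFORE, NOT_AFTER)
        print("%-32s %-14s margin %s" % (label, status, margin))
```

The margin returned for a "valid" result is the distance to the nearer edge of the validity period, which shows how little clock drift a newly issued certificate tolerates.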