Installing Enterprise CA for AD FS on Windows Server 2012

Captions
Welcome to the ITFreeTraining video on setting up an enterprise CA for use with Active Directory Federation Services. This video will set up an enterprise root CA for use with Active Directory Federation Services. If you already have an enterprise CA configured on your network, you can follow the steps in the later part of this video for creating a template to issue certificates. If you do not have a certificate hierarchy already, this video will get you up and going with the basic requirements. If you are planning to use certificates in your company, I would recommend doing some additional research on how to deploy a certificate hierarchy, as this is a big long-term investment for your company.

I will now change to my computer running Windows Server 2012 to have a look at how to set up an enterprise root CA for use with Active Directory Federation Services. This is a basic Windows Server 2012 Standard install. No additional roles have been added. The only change to the base install was to add it to the ITFreeTraining domain.

To start with, I need to add the certificate role to the server. To do this, I will need to open Server Manager. Once Server Manager has opened, I next need to select the option Add Roles and Features, found on the welcome screen, to start the Add Roles and Features wizard. Once I am past the welcome screen, I will leave it on the default option to install a role-based or feature-based installation, and then on the next screen leave it on the default option of the current server. On the next screen I need to select which role I want to install. In this case, the only role that I need to select is Active Directory Certificate Services. Once selected, Windows will prompt for some additional features that need to be installed, so I will press Add Features and then move on to the next screen of the wizard. This screen will allow you to select additional features, of which there are none. For this reason I will press Next and move on. The next screen is a welcome screen for Certificate Services. Once I move past this screen, I next need to select which components of Certificate Services that I want to install. In this case, the default option of Certification Authority is the only component that is required, so I will leave it selected and move on to the next screen of the wizard. The last screen will show me the options that I have selected. Once I press Install, the role will be installed. This process does take a few minutes to complete, so I will pause the video and return shortly.

Now that the role has been installed, I can close the wizard. The next step is to configure the role. To do this, I need to select the exclamation mark at the top of the screen and then select the option Configure Active Directory Certificate Services on the destination server. The first screen of the configuration wizard will ask which user account you want to use. By default it will use the currently logged in user, which is a domain administrator. This has enough rights to perform the install, so I will press Next to move on. On the next screen I need to select which components I want to configure. In this case, the only component that has been installed is the Certification Authority component, so I will pick that component and move on to the next screen of the wizard. On the next screen I need to make sure that Enterprise CA is selected. If this option is grayed out, check to make sure the server has been added to the domain. In a later video I will configure the HighCostTraining CA, for which I will use the Standalone CA option, if you are interested in how to do this. With Enterprise CA selected, I will move on to the next screen of the wizard. In this particular case I will select the option Root CA. In a production environment I would use an offline standalone CA for the root CA for additional security. In this case I am performing just the basic install to obtain a certificate for the Active Directory Federation server.

For the next few screens I will accept the default options. If you are planning to configure certificates in your organization, you should take your time to understand and configure these options to meet your needs. In this case the default options will work fine to install and use AD FS, but remember the options you select here cannot be changed later. If you plan to deploy Certificate Services for use in your company, do your research first. Once I press Configure, the server will be configured as an enterprise root CA. This does take a minute or so to complete, so I will pause the video and return shortly.

Once the server has been configured, I will close the wizard. The next step is to configure a certificate template to be used with Active Directory Federation Services. To do this, I will select the Tools menu and then select the option Certification Authority. Once open, I will need to expand down to Certificate Templates, right-click it and select the option Manage. From the list of templates I need to select one that provides the basic functionality for Federation Services. Since Federation Services uses web protocols, I will scroll down to the bottom and select the Web Server template. The next step is to right-click the template and select the option Duplicate Template. Once selected, the properties for the copy of the Web Server template will be displayed. It is now just a matter of customizing this template for use with Active Directory Federation Services.

The first change that I will make can be found on the General tab. For the display name I will enter in ADFS SSL Certificate 2012 to make it easy to tell apart from the other certificates. Next I will select the Subject Name tab. On this tab I will need to select the option Build from this Active Directory information. When the Active Directory Federation server requests a certificate from the certificate authority, it will supply this information. If you were using a standalone certificate authority, you would need to enter in this information. I will look at how to configure these settings manually when I set up the CA for HighCostTraining. Under Subject name format I need to select the option Common name. Active Directory Federation Services requires both the common name in the certificate and also the DNS name be configured. To configure the DNS information, make sure the tick box DNS name is ticked. The other tick boxes do not need to be ticked.

Next I need to select the Security tab to ensure that the server has enough access to request a certificate. To do this, I will press the Add button and press the button Object Types. Before I can enter in the names of the server to search for, I will first need to tick the option Computers. If this option is not selected, the search will not find the computer account associated with the server. Once ticked, I can go back and enter the computer name for my Active Directory Federation server. This server has had the base install performed and been added to the domain, but nothing else has happened to it as yet. Once the server has been added to the permissions list, I need to also ensure that the Enroll permission is ticked, which can be found in the Allow column. If the Read and Enroll permissions are not set to Allow, the server will not be able to request a certificate.

Once I exit out of here, you will notice the new template has been added to the list of available templates. However, it will not be available to the CA yet. To make it available, I need to close this window and go back to Certification Authority. From here I need to right-click Certificate Templates and select the option Certificate Template to Issue under the New menu. Once selected, a window will appear showing all the available templates. It is just a matter of selecting the template that I want to use and pressing the OK button. You will notice that the template is now available and listed in Certificate Templates.

The certificate template has now been configured and added to the enterprise CA. Now the server that is running Active Directory Federation Services will be able to request the certificate to be used with Active Directory Federation Services, but the install of Active Directory Federation Services I will leave to another video. Till that time, I hope you found this video useful and I look forward to seeing you in the next video from this series on Active Directory Federation Services. Until then, thanks for watching.
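A scripted equivalent of the wizard steps in the captions above, followed by a check of who holds Enroll on the new template. This is an added example, not from the video or from ITFreeTraining. The template name `ADFSSSLCertificate2012` and the computer account `ADFS1$` are assumptions, and the RSAT Active Directory PowerShell module is assumed to be available for the last step.

```powershell
# Added example. Run in an elevated session as a domain administrator on the
# domain-joined Windows Server 2012 machine that will become the CA.

# 1. Add the Certification Authority role service of AD CS with its consoles.
Install-WindowsFeature -Name ADCS-Cert-Authority -IncludeManagementTools

# 2. Configure an Enterprise Root CA, accepting the defaults for key length,
#    hash algorithm, CA name and validity as the video does. These choices
#    cannot be changed later, so review them before a production deployment.
Install-AdcsCertificationAuthority -CAType EnterpriseRootCA -Force

# 3. Duplicating the Web Server template has no built-in cmdlet; do it in the
#    Certificate Templates console as described in the captions.
$templateName = 'ADFSSSLCertificate2012'   # assumption: the template's internal name
$adfsAccount  = 'ADFS1$'                   # hypothetical AD FS computer account

# 4. Publish the duplicated template ("Certificate Template to Issue").
Add-CATemplate -Name $templateName -Force
Get-CATemplate | Where-Object { $_.Name -eq $templateName }

# 5. List every principal that is allowed to Enroll on the template, so an
#    over-broad grant is visible before the first certificate is issued.
Install-WindowsFeature -Name RSAT-AD-PowerShell | Out-Null
Import-Module ActiveDirectory
$configNC   = (Get-ADRootDSE).configurationNamingContext
$templateDN = "CN=$templateName,CN=Certificate Templates," +
              "CN=Public Key Services,CN=Services,$configNC"
$enrollGuid = [guid]'0e10c968-78fb-11d2-90d4-00c04f79dc55'  # Certificate-Enrollment right

$enrollers = (Get-Acl -Path "AD:\$templateDN").Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $_.ActiveDirectoryRights -match 'ExtendedRight' -and
    $_.ObjectType -eq $enrollGuid
}
$enrollers | Select-Object IdentityReference, ActiveDirectoryRights

# The AD FS server needs Read and Enroll; this reports the Enroll half.
if (-not ($enrollers | Where-Object { $_.IdentityReference -like "*\$adfsAccount" })) {
    Write-Warning "$adfsAccount has no Enroll grant on $templateName"
}
```

Because the template builds the subject from Active Directory, Enroll is the control that decides which machines can obtain this certificate, so the list printed in step 5 should contain only the principals you intend.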
Info
Channel: itfreetraining
Views: 28,917
Rating: 4.9252338 out of 5
Keywords: AD FS, Certificates, ITFreeTraining
Id: fpvvbeyr7ec
Length: 9min 38sec (578 seconds)
Published: Thu Jul 24 2014