Introduction
I was setting up a client's small business intranet the other day when the talk turned to security. Their intranet was mainly used as a portal for storing information and documents that the company wanted to make available to all employees. The client wanted to ensure that any credentials used to log into the portal were protected. I suggested using SSL to configure the site so that the credentials would not be sent in plain text across the intranet.
Uses for Certificates
SSL (Secure Sockets Layer) uses two keys (private and public) to encrypt data and requires a certificate. The client was dealing with a limited budget, knew nothing about setting up certificates and didn't want to spend money on a certificate. I suggested setting up Microsoft Certificate Services on the Windows 2003 Server in her network. She agreed, and that has spawned a three-part article on using certificates in your network. This article will focus on installing the Microsoft Certificate Server, and the next articles will show you how to use it in your network to protect websites and how to use S/MIME to protect your email. So, first things first, let's get our Microsoft Certificate Services installed.
Certificate Services Installation
To install Certificate Services you need Windows 2003 Server and your original installation CDs. Ensure that the computer is configured exactly how you like it, because a number of settings become locked once you install the Certificate Server.
Installation Steps
Microsoft Internet Information Server
If you do not have Microsoft's web server, Internet Information Server (IIS), set up, please follow the steps below to set up IIS.
- Click Start - Control Panel - Add/Remove Programs
- Click Add/Remove Windows Components
- Click Application Server and select Details
- Select IIS and click Ok
- Click Next
- Click Finish
IIS is needed so that your employees can use the web server to request a certificate. Ensure that this website is accessible only from inside your network. Check your firewall to make sure there is no access to this server from the Internet.
Microsoft Certificate Services
Now install the Microsoft Certificate Services:
- Click Start - Control Panel - Add/Remove Programs
- Click Add/Remove Windows Components
- Select Certificate Services (Here is that warning I was telling you about). Click Yes
The next step involves deciding what type of Certificate Authority (CA) you want to install. I will point you to Microsoft's web site for the different types of Certificate Authorities.
- Select Enterprise root CA, and click the Next button
- Select a name for the Server in the Common name for this CA box. Click Next
- Accept the defaults in the Certificate database box and the Certificate database log box. Click Next
- Accept the Stop Internet Information Services prompt
- Enable Active Server Pages
- Click Finish
Finished
That's it. Certificate Services is installed. I will show you how to issue certificates in the next article.