
How to set up an internal Certificate Authority


support


If you do not intend on accessing Passwordstate from outside your network, the best type of free certificate you can use is one that is generated from an internal Certificate Authority.  A Certificate Authority is easy to set up, and is just another "Role" that your Domain Controller provides.  Below are some instructions on how to set up a Certificate Authority on your Domain, if you do not already have one:

 

All steps below are performed on your domain controller.

 

Open Server Manager, and Add a new Role:

Click Next

Click Next

Click Next

Select Active Directory Certificate Services

Click Add Features and then click Next

Click Next

Click Next

Select Certificate Authority and click Next

Click Install

When Feature Installation finishes, click Close

Click Notifications and select Click Configure Active Directory Certificate Services

Ensure the user you are logged in with is an Enterprise Admin and click Next

Select Certificate Authority and click Next

Select Enterprise CA and click Next

Select Root CA and click Next

Select Create New Private Key and click Next

Select SHA256, Key Length of 2048 bits, and click Next

Leave all the fields as default, and click Next

Choose 5 years for the validity period, or what’s relevant for your organization, and click Next

Leave defaults and click Next

Click Configure

Click Close


Now reboot your domain controller, and your Certificate Authority is now configured.  You can now create a wildcard certificate that can be used for your Passwordstate website, which will mean any computer joined to your domain will automatically trust the certificate making for a nicer end user experience. You can also use this certificate for your Browser Based Gateway, if you intend on using that feature inside Passwordstate.

 

For detailed instructions on how to generate a certificate from your Certificate Authority, see this forum post:  https://www.clickstudios.com.au/community/index.php?/topic/1952-generate-a-new-certificate-from-active-directory-certificate-authority/

 

 

If you are changing the certificate, you may need to also change the URL of your Passwordstate website.  To be completely trusted, the certificate name needs to match the bindings in IIS, which also needs to match the DNS record you have for your site.  This forum post describes how to change your URL: https://www.clickstudios.com.au/community/index.php?/topic/1465-changing-the-passwordstate-url/

 

 

Regards,

Support
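
The wizard steps in the post above can also be scripted. The following PowerShell is an added example, not part of the original post or of Click Studios' documentation; it uses the Windows Server `Install-WindowsFeature` and `Install-AdcsCertificationAuthority` cmdlets with the same choices the post makes (Enterprise CA, Root CA, new private key, SHA256, 2048-bit key, 5-year validity) and assumes an elevated session on the domain controller.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the Server Manager wizard steps in the post.

# The post requires the logged-in user to be an Enterprise Admin.
# Enterprise Admins is the well-known group with RID 519 in the forest root domain.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$isEnterpriseAdmin = $identity.Groups |
    Where-Object { $_.Value -match '^S-1-5-21-.+-519$' }
if (-not $isEnterpriseAdmin) {
    throw "User $($identity.Name) is not a member of Enterprise Admins."
}

# Add the Active Directory Certificate Services role with only the
# Certification Authority role service, plus the management tools.
$feature = Install-WindowsFeature -Name ADCS-Cert-Authority -IncludeManagementTools
if (-not $feature.Success) {
    throw 'Installing the AD CS role failed.'
}

# Configure the CA with the values chosen in the wizard. With no existing key
# or certificate supplied, a new private key is created. Other settings
# (CA name, database and log paths) are left at their defaults, as in the post.
$caParams = @{
    CAType              = 'EnterpriseRootCA'
    HashAlgorithmName   = 'SHA256'
    KeyLength           = 2048
    ValidityPeriod      = 'Years'
    ValidityPeriodUnits = 5      # or what is relevant for your organization
    Force               = $true  # suppress the confirmation prompt
}
$result = Install-AdcsCertificationAuthority @caParams
if ($result.ErrorId -ne 0) {
    throw "CA configuration failed: $($result.ErrorString)"
}

# Confirm the CA service exists and inspect the self-signed CA certificate.
# Assumption: other self-signed certificates in the machine store, if any,
# will also be listed by this filter.
Get-Service -Name CertSvc | Select-Object Name, Status, StartType
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $_.Issuer } |
    Select-Object Subject, NotAfter,
        @{ Name = 'SignatureAlgorithm'; Expression = { $_.SignatureAlgorithm.FriendlyName } },
        @{ Name = 'KeyBits'; Expression = { $_.PublicKey.Key.KeySize } }

# The post then reboots the domain controller; do that once the checks look right.
```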

 
