Active Directory with a trusted certificate

In this tutorial I will show you how to install Active Directory with a certificate from a trusted certificate authority (CA), so that LDAP over SSL (port 636) presents a certificate clients already trust. I gained this experience from deploying a Windows domain in the Silicon Hill student club.

Prerequisites

We need a certificate and the corresponding private key in the .pfx or .p12 (PKCS#12) format. If you have them in the classic .pem format, here is how to convert them with OpenSSL:

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

Note: Active Directory Certificate Services is not needed, contrary to what some tutorials suggest.

Versions

Versions are always important in any tutorial, since what works on one version may not work on another. We will be using Windows Server 2012.

Overview of the steps

  1. Add the Active Directory Domain Services role to the server.
  2. Import the certificate with its private key (*.pfx or *.p12) into the correct certificate store.
  3. Promote the server to a domain controller (dcpromo.exe).

Step 1: Adding the ADDS role

  1. Open Server Manager
  2. Click Manage → Add Roles and Features
  3. Click Next > until you reach the Server Roles page.
  4. Select Active Directory Domain Services.
  5. Press Next > and Finish until the end of the process.

Warning: Do not run dcpromo (DC promotion) yet.

Step 2: Install the certificate

  1. Open mmc.
  2. Add/Remove Snap-in… (Ctrl+M)
  3. Certificates
  4. Add >
  5. Service Account
  6. Local Computer
  7. Active Directory Domain Services
  8. Finish, OK
  9. Import the .pfx or .p12 into the NTDS\Personal store.

Step 3: dcpromo

Run dcpromo (domain controller promotion) from the Server Manager. You will notice a yellow triangle with an exclamation mark; following it is enough.

Test it!

After you restart the server, it should probably work. To test it, try an OpenSSL command:

openssl s_client -host dc1.example.com -port 636

If the certificate information shown is that of the certificate you imported, you're done.
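A scripted version of this check, added here as an example and not part of the original post: it fetches the certificate the DC presents on port 636 and verifies the chain, the hostname and the validity dates with the openssl CLI, which is what an LDAPS client will insist on. It assumes openssl 1.1.1 or newer; the DC name dc1.example.com and the CACert.crt file come from the text above, and the script name check_ldaps.sh is made up for the usage line.

```shell
#!/bin/sh
# Added example, not part of the original post: check what a domain controller
# presents on the LDAPS port and verify it the way a client would.
# Assumes the openssl CLI, version 1.1.1 or newer.

# Fetch the leaf certificate the DC presents on TCP 636 and save it as PEM.
#   $1 = DC FQDN, $2 = output file
fetch_ldaps_cert() {
    # </dev/null ends the TLS session right after the handshake;
    # -servername sends SNI so a DC with several names picks the right cert.
    openssl s_client -connect "$1:636" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM -out "$2"
}

# Verify a PEM certificate file against a CA bundle and the expected hostname.
#   $1 = DC FQDN, $2 = CA bundle (PEM, e.g. the CACert.crt from the pkcs12 step),
#   $3 = certificate file
# Returns 0 only if the chain, the hostname (SAN or CN) and the validity
# dates all check out, which is what an LDAPS client will insist on.
check_ldaps_cert() {
    openssl verify -CAfile "$2" -verify_hostname "$1" "$3" >/dev/null 2>&1
}

# Human-readable summary of a certificate: subject, issuer, dates and SANs.
#   $1 = certificate file
show_cert() {
    openssl x509 -in "$1" -noout -subject -issuer -dates -ext subjectAltName
}

# Usage: sh check_ldaps.sh dc1.example.com CACert.crt
if [ "$#" -eq 2 ]; then
    tmp=$(mktemp) || exit 1
    if ! fetch_ldaps_cert "$1" "$tmp"; then
        echo "could not fetch a certificate from $1:636" >&2
        rm -f "$tmp"
        exit 1
    fi
    show_cert "$tmp"
    if check_ldaps_cert "$1" "$2" "$tmp"; then
        echo "OK: $1 presents a certificate that chains to $2 and matches its name"
        rc=0
    else
        echo "FAIL: chain, hostname or validity check failed for $1" >&2
        rc=1
    fi
    rm -f "$tmp"
    exit "$rc"
fi
```

A hostname mismatch or an issuer missing from the CA bundle makes the check fail even when the DC answers on 636, which is exactly the case a client rejects.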

Conclusion

I hope the tutorial was useful. Let me know if it works for you, and feel free to comment.
