Create and use intermediate certificate authority on Windows Server 2012?

Posted by Sid on Server Fault See other posts from Server Fault or by Sid
Published on 2012-09-07T20:17:13Z Indexed on 2012/09/07 21:40 UTC
Read the original article Hit count: 268

Filed under:

certificate-authority

|

windows-server-2012

Background: Server OS is Windows Server 2012. GUI is installed as we come upto speed with powershell. Setup is staging, not production (yet).

We have our (internal, domain limited) Root CA installed. I would like to take the Root CA offline to secure storage but before that I'd like to setup an intermediate CA which can take over actual live, online (int-RA-net) functionality

Can someone guide me covering:

creating the intermediate CA certificate request
installing the intermediate CA certificate on domain controller (certification authority role already installed with Root CA online right now)
use the intermediate CA to generate a certificate (any use certificate, just for demonstration purposes)

Obviously this certification chain would be invalid on computers outside our domain (self trusted root - our root certificate is NOT from common 3rd parties). This last point is NOT a problem.

© Server Fault or respective owner

Related posts about certificate-authority

Certificate Authority issuing Basic EFS certificates without Autoenroll

as seen on Server Fault - Search for 'Server Fault'
We have observed some puzzling behavior from the CAs we have set up in both the past and present. For some reason unknown to us, it seems that our CAs are randomly issuing "Basic EFS" certificates to our users. This is evident through the "Issued Certificates" log on the CA. I personally set up a… >>> More
Add a custom certificate authority to Ubuntu

as seen on Server Fault - Search for 'Server Fault'
Hello; I have created a custom root certificate authority for an internal network, example.com. Ideally, I would like to be able to deploy the CA certificate associated with this certificate authority to my Linux clients (running Ubuntu 9.04 and CentOS 5.3), such that all of the applications automatically… >>> More
Understanding Security Certificates (and thier pricing)

as seen on Server Fault - Search for 'Server Fault'
I work at a very small company so certificate costs need to be absolutely minimal. However for some applications we do Need to have our customers get that warm fuzzy not-using-a-self-signed certificate feeling. Since creating a "certificate authority" with makecert really just means creating a public/private… >>> More
Install new root certificate authority (CA) in windows

as seen on Super User - Search for 'Super User'
I am trying to use ninite to get my new laptop set up quickly. However when I try to install, windows complains about the CA. The website ninite.com also shows certificate problems. They use a root CA (COMODO Certification Authority) that is not included into windows 7 by default. However I am not… >>> More
Validating SSL clients using a list of authorised certificates instead of a Certificate Authority

as seen on Server Fault - Search for 'Server Fault'
Is it possible to configure Apache (or any other SSL-aware server) to only accept connections from clients presenting a certificate from a pre-defined list? These certificates may be signed by any CA (and may be self-signed). A while back I tried to get client certificate validation working in the… >>> More

Related posts about windows-server-2012

Can't upgrade Windows Server 2012 Essentials to Windows Server 2012 R2 Essentials

as seen on Server Fault - Search for 'Server Fault'
So today was RTM of Windows Server 2012 R2 Essentials released. I immediately tried to do an in-place upgrade of an existing RTM 2012 Essentials to RTM 2012 R2 Essentials, but get: Windows Server 2012 Essentials cannot be upgraded to Windows Server 2012 R2 Essentials. You can choose to install… >>> More
Top 31 Favorite Features in Windows Server 2012

as seen on Geeks with Blogs - Search for 'Geeks with Blogs'
Over the past month, my fellow IT Pro Technical Evangelists and I have authored a series of articles about our Top 31 Favorite Features in Windows Server 2012. Now that our series is complete, I’m providing a clickable index below of all of the articles in the series for your convenience, just in… >>> More
Windows Azure: Announcing Support for Windows Server 2012 R2 + Some Nice Price Cuts

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
Today we released some great updates to Windows Azure: Virtual Machines: Support for Windows Server 2012 R2 Cloud Services: Support for Windows Server 2012 R2 and .NET 4.5.1 Windows Azure Pack: Use Windows Azure features on-premises using Windows Server 2012 R2 Price Cuts: Up to 22%… >>> More
A SpecTECHular follow-up: Windows Server 2012 #HyperV, #SysCtr 2012 and #Windows8

as seen on Geeks with Blogs - Search for 'Geeks with Blogs'
Last week, I had the pleasure of presenting at the New Horizons SpecTECHular events (www.spectechular.com) in Cincinnati and Dayton OH. It was great meeting some very engaged IT Pros and discussing the new features of Windows Server 2012 Hyper-V, System Center 2012 / Private Cloud, and Windows 8… >>> More
Windows Server 2012 sera disponible en quatre éditions : Foundation, Essentials, Standard et DataCenter

as seen on Developper.com - Search for 'Developper.com'
Windows Server 2012 sera disponible en quatre éditions Foundation, Essentials, Standard et Datacenter, Microsoft dévoile les prix de l'OS Windows Server 2012, la prochaine version du système d'exploitation serveur de Microsoft sera officiellement disponible en quatre éditions : Foundation… >>> More