Step 2: Configure the Certificate Authority (CA) on the Server
Now you need to set up the CA to hand out certificates automatically, and turn on the IP Security policy.
- First, though, set up an MMC console if you have not already, and add the Certification Authority snap-in (for the local computer) as well as the Default Domain Policy (select the Group Policy Object Editor snap-in, click Browse, and then select Default Domain Policy).
- Set up the server to hand out certificates automatically.
  - In the MMC, click the Default Domain Policy entry, select Computer Configuration, choose Windows Settings, click Security Settings, select Public Key Policies, and choose Automatic Certificate Request Settings.
  - Right-click the Automatic Certificate Request Settings entry, select New, and then select Automatic Certificate Request.
  - A wizard is launched. Click Next.
  - When asked what type of auto certificate template you want to install, select Computer as shown in Figure 2. Then click Next.
  - Click Finish. You should see a certificate template called Computer in the right-hand pane of the MMC.
  - Save the MMC.
- Turn on the IP Security Policy.
  - Within the MMC, expand the following options in the left pane: Default Domain Policy > Computer Configuration > Windows Settings > Security Settings. Click once on IP Security Policies on Active Directory.
  - This should bring up three policies on the right-hand side. None of these are yet assigned.
  - Right-click the Secure Server (Require Security) option and select Assign. This should assign the security policy, allowing clients to connect.
  - Save the MMC and close it.
Figure 2: The Certificate Template screen.
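
Once Group Policy has refreshed on a domain member, both settings from this step can be checked from PowerShell. The script below is an added example, not part of the original article: `$CaName` is a placeholder for your CA's common name, and it assumes the domain-assigned IPsec policy name is recorded in the `GPTIPSECPolicy` registry key shown in the code.

```powershell
# Added verification example (not from the original article). Run elevated on a domain member.
$CaName     = '<YOUR-CA-NAME>'       # placeholder: common name of the CA set up in this step
$ClientAuth = '1.3.6.1.5.5.7.3.2'    # Client Authentication EKU
$ServerAuth = '1.3.6.1.5.5.7.3.1'    # Server Authentication EKU
$EkuExtType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

# Apply computer policy now instead of waiting for the background refresh.
gpupdate /target:computer /force | Out-Null

# 1. Was a machine certificate auto-enrolled into the local computer's Personal store?
$now = Get-Date
$report = foreach ($cert in Get-ChildItem Cert:\LocalMachine\My) {
    if ($cert.Issuer -notlike "*CN=$CaName*") { continue }
    $ekus = @($cert.Extensions | Where-Object { $_ -is $EkuExtType } |
              ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value })
    $problems = @()
    if (-not $cert.HasPrivateKey) { $problems += 'no private key' }
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) { $problems += 'outside validity period' }
    # The built-in Computer template issues both EKUs.
    if ($ekus -notcontains $ClientAuth -or $ekus -notcontains $ServerAuth) {
        $problems += 'EKUs differ from the Computer template'
    }
    [pscustomobject]@{
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        Problems   = if ($problems) { $problems -join '; ' } else { 'none' }
    }
}
if ($report) { $report | Format-Table -AutoSize }
else { Write-Warning "No certificate issued by '$CaName' found in LocalMachine\My." }

# 2. Which IPsec policy did Group Policy assign to this computer?
# Assumption: the assigned policy's name is stored in this registry value.
$key      = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\IPSec\GPTIPSECPolicy'
$assigned = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).DSIPSECPolicyName
if ($assigned -eq 'Secure Server (Require Security)') {
    Write-Output "IPsec policy assigned: $assigned"
} else {
    Write-Warning "Expected 'Secure Server (Require Security)', found: '$assigned'"
}
```

Because the policy is assigned in the Default Domain Policy, it applies to every computer in the domain, so run the check on a client as well as on the server.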