Understanding certificates is something that I avoided for many years in my technology career. For many facets of IT, you never had to deal with them. That was for the networking guys, not anybody doing development or desktop support. Times have changed, and a solid understanding of the common certificate types is quickly becoming an ability that anyone in support should possess. Security is increasingly focused on certificates, and with the exponential increase in the number of applications that are served via the Web, understanding the certificates that protect these services is more important than ever.
Almost anyone who has set up a website has dealt with SSL certificates from a public Certification Authority (CA), but did you know that you can be your own CA? That you can issue certificates to the machines in your network right from your own CA server? Follow along as we explore some of the capabilities of Windows Server 2016 running as a CA server in your network. Our work in this chapter will cover the following topics:
When getting to know a new customer and network as part of my day job, I generally find that one of two things is true. Either they don't have a CA server, or they do, but it isn't being used for anything yet. Most folks know that certificates are upcoming and in demand and that new technologies are released all the time that require a fairly large use of certificates. Technologies such as Lync, SharePoint, System Center, DirectAccess, or even just building a website almost always require the use of a certificate in today's world. Jumping into a project to deploy almost any new system these days will quickly bring you to the realization that a knowledge of certificates is becoming mandatory. Even in places where they aren't required, they are usually still recommended in order to make the solution more secure or to adhere to best practices.
Together, we are going to build a Public Key Infrastructure (PKI) environment inside our network and use it for some common certificate issuing tasks. By the end of this chapter, you should be comfortable with creating a PKI in your own environment, which will prepare you for any requirements you may encounter when working with certificate-based technologies.