A standard SSL certificate is dissected in this video to explain as well as show how to find common elements of name, alternative name, thumbprint, and more.
- [Instructor] Before we dig into installing certificate services on one of our servers, I wanted to take a moment to look at the details of a certificate. You can manage certificates on a Windows server or workstation in PowerShell or from the Desktop, or to some extent from the Windows Admin Center. And what I'm going to walk through here will be the same on any Windows server or workstation.
What I'm going to do is open a Microsoft Management Console. I'm going to do this by right-clicking on the Start button and choosing Run. You could just as easily hold down the Windows key and press R. And that will open a box where I can type in an application that I want to run. I'm going to run mmc, which stands for Microsoft Management Console. And here I get a blank console where I can add the snap-in for certificates. You do that from the File menu, where I can choose Add or Remove Snap-in. And on the list we see Certificates. When I choose it and add it to the console, I'm asked, whose certificates do you want to manage? I want to look at the computer certificates on this particular server, so I'm going to select Computer account. And on the next screen I'm going to stay with the default that says, I want to look at these certificates for this local computer. Again, this will work on a Windows workstation as well. Once I click Finish, I can add this to the console, and I now have the ability to manage and browse through the certificates on this server.
Now this is a freshly installed server with one role configured. So it doesn't have any certificates applied to it yet. So there are no personal certificates for me to look at. So instead I'm going to select Trusted Root Certification Authorities from this tree on the left. And then I'm going to double-click Certificates. These are the certificates that are installed that trust existing root authorities. These are who we trust to issue us certificates. So we're going to take a look at one of these.
Let me go ahead and just pick the first one. This Baltimore CyberTrust Root authority certificate. When I double-click on it I can see all of its properties. And the first thing that I want to point out is right here on the General tab. This certificate has a long list of purposes. That's because it's a certificate authority that can issue certs for several different reasons. More specific certificates for verifying the identity of a computer or a user will often only have one or two lines here under the certificate purpose.
When I move over to the Details tab, we can see a lot more uniquely identifying information about this certificate. The list starts out with details like the version number and a serial number. This serial number is not as uniquely identifying as you might think if you're comparing this to serial numbers on products. We'll see that in just a moment. But what you will see on here is the date range where this certificate is valid. Certificates have expiration dates and they're important. These are the dates certificates have to be renewed for this verification to stay in place. When we start talking about creating certificates of our own, we'll have a conversation about how long these valid ranges should be.
Just below that, and let me scroll a little bit, is the subject or subject name of the certificate. This may well be the most important part of the certificate. This is where you specify the identity of the person or the computer that this certificate identifies. If I was issuing an SSL certificate for a web server named webone.landonhotel.com, then this subject should be webone.landonhotel.com. This is where that information is contained.
And just slightly further down the list, here we have the thumbprint. This is the unique identifying code for this certificate. If you need to specify an individual certificate on your computer, this thumbprint is what you're going to use to select that certificate.
All of these properties, the date range, the subject, the thumbprint, and in a moment we'll talk a little bit about the security features. All of these define what a certificate is used for and how effective it's going to be.
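
The fields walked through above (purposes, serial number, validity dates, subject, thumbprint) can also be read from PowerShell. The following is an added example, not part of the course material; it assumes a Windows host, and the 90-day warning window is an arbitrary value chosen for illustration.

```powershell
# Added example: report on the local computer's Trusted Root store,
# the same store browsed in the MMC Certificates snap-in.
$storePath = 'Cert:\LocalMachine\Root'
$warnDays  = 90            # assumed warning window, adjust to your policy
$now       = Get-Date

$report = foreach ($cert in Get-ChildItem -Path $storePath) {
    # Purposes as exposed by the certificate provider (enhanced key usage).
    $purposes = ($cert.EnhancedKeyUsageList |
                 ForEach-Object { $_.FriendlyName }) -join ', '
    if (-not $purposes) { $purposes = '<none listed>' }

    # Classify the certificate against its validity date range.
    $state = if ($now -lt $cert.NotBefore) { 'NotYetValid' }
             elseif ($now -gt $cert.NotAfter) { 'Expired' }
             elseif ($cert.NotAfter -lt $now.AddDays($warnDays)) { 'ExpiringSoon' }
             else { 'Valid' }

    [pscustomobject]@{
        Subject      = $cert.Subject
        SerialNumber = $cert.SerialNumber
        NotBefore    = $cert.NotBefore
        NotAfter     = $cert.NotAfter
        State        = $state
        Thumbprint   = $cert.Thumbprint
        Purposes     = $purposes
    }
}

# Overview sorted by expiry date, so certificates needing attention come first.
$report | Sort-Object NotAfter |
    Format-Table Subject, NotAfter, State, Thumbprint -AutoSize

# A serial number is only unique within the CA that issued it, so two
# certificates from different issuers can share one. List any that do.
$report | Group-Object SerialNumber | Where-Object Count -gt 1 |
    ForEach-Object { $_.Group } |
    Format-Table SerialNumber, Subject, Thumbprint -AutoSize

# The thumbprint (a hash of the whole certificate) is what identifies a
# single certificate, so it is the value used to select one from the store.
$thumb = ($report | Select-Object -First 1).Thumbprint
Get-Item -Path (Join-Path $storePath $thumb) |
    Format-List Subject, Issuer, SerialNumber, NotBefore, NotAfter, Thumbprint
```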
- Identifying trusted certificate authorities
- Breaking down the anatomy of a certificate
- Installing and configuring AD CS
- Backing up and recovering AD CS
- Creating and publishing certificate templates
- Enforcing certificate enrollment with AD Group Policy
- Creating an enrollment agent
- Configuring web-based certificate enrollment
- Revoking certificates