Windows Server 2019 – Certificates in Windows Server 2019

“Ugh, we need to use certificates to make this work.”
– Quote from an anonymous admin who just discovered their latest technology purchase requires the use of certificates in their organization

If this sounds familiar, don’t scrap that new project just yet! For some reason, the use of certificates seems like a daunting task to many of us, even those who have worked in IT for many years. I think this is probably because there are many different options available on a certificate server, but there is not a lot of common sense or user-friendliness built into the management console for dealing with certificates. This, combined with a general lack of requirements for certificates on servers for so many years, means that, even though this technology has existed for a long time, many server administrators have not had the opportunity to dig in and deploy certificates for themselves. I regularly deploy a couple of technologies that require a broad use of certificates in an organization, often needing to issue them to every workstation or user in the network, and I hear these kinds of concerns all the time. Issuing a certificate to a single business-critical web server sounds daunting enough if you don’t have any experience with the process, let alone issuing hundreds or thousands of certificates all at once. Another common scenario is one where a company determined certificates to be in their best interests but lacked the on-staff resources to stand it up themselves, and so hired a third party to implement certificates within the network. While this gets certificates rolling, it often leaves a knowledge gap that never gets filled, so you may have a certificate server up and running, but not be at all comfortable modifying or utilizing it.

The broad term for a certificate environment is Public Key Infrastructure (PKI). I call that out specifically because you will probably see PKI listed in documentation or requirements at some point, if you haven’t already. Your PKI is provided by servers in your network, and configuring those servers to issue certificates for you is the purpose of this chapter. The servers that you designate as your certificate servers are known as certification authority (CA) servers, and we will refer to them as CA servers throughout this book.

In order to get you rolling with certificates in your own network, here are the topics that we will cover in this chapter:

  • Common certificate types
  • Planning your PKI
  • Creating a new certificate template
  • Issuing your new certificates
  • Creating an auto-enrollment policy
  • Obtaining a public-authority SSL certificate
  • Exporting and importing certificates
