Limit Windows RPC Ports

When using domain services through a firewall, the RPC ports must be limited from the range 1025-65535 to specific ports. The Windows registry settings must be implemented at least on domain controllers. It can be an advantage to implement the RPC settings on the certificate servers, file servers and the servers that are using dynamic RPC … Read more

Windows – Add NTP Server

Execute the following command, changing the time source to an FQDN or an IP address. Stop the time service. Unregister and register the time service. Start the time service. Open a Command Prompt. Type the following command and then press ENTER: Type the following command and then press ENTER: Type the following command and then press ENTER:

Two-Tier CA structure ( Online Subordinate CA )

Prerequisites: IIS must be installed and working from the clients that will need the RootCA or certs signed by the RootCA server. See more for a simple IIS install guide here: https://scito.dk/2023/08/15/install-iis-for-certificate-authority-crl-and-root-certificate-distribution/ RootCA must be present for signing the SubCA cert. Read more here: https://scito.dk/2023/08/15/two-tier-ca-structure-offline-rootca/ Steps: Step 1: Install a Windows server. Step 2: Make … Read more

Two-Tier CA structure ( Offline RootCA )

Prerequisites: IIS must be installed and working from the clients that will need the RootCA or certs signed by the RootCA server. See more for a simple IIS install guide here: https://scito.dk/2023/08/15/install-iis-for-certificate-authority-crl-and-root-certificate-distribution/ Steps: Step 1: Install a Windows server. Step 2: Make sure the server is fully updated. Step 3: Create the file C:\Windows\CAPolicy.inf With … Read more

Install IIS for Certificate Authority CRL and Root Certificate distribution

Open PowerShell and install the IIS Windows feature. Open the IIS Manager. Expand Sites and expand the Default Web Site. Right-click and create a new virtual directory. Create the directory and name it certs. Select the path c:\inetpub\certs. After this, select the new virtual directory and select the icon named Directory Browsing. In the … Read more

Microsoft CA Server installation

Install the Windows feature. Open PowerShell as admin and execute the following command. I strongly recommend not using the server name as the CA Common Name, since this will be an eyesore when the CA service is moved to another server with a different name at some point. Then the feature is installed … Read more