The Manage Certificates Part 2 module provides you with the instructions and server hardware to develop your hands-on skills in the defined topics. This module includes the following exercises:

  • Installing an Enterprise Root CA Server
  • Manage Certificate Online Responder
  • Testing OCSP

Lab Time: It will take approximately 1 hour to complete the exercises in this lab.

Exam Objectives

  • Install Active Directory Integrated Enterprise Certificate Authority
  • Install and configure Online Responder

Exercise 1 - Installing an Enterprise Root CA

An Enterprise Root CA is the starting point of an organization’s public key infrastructure for the issuance of certificates (keys) to a user, computer or network service.

In this exercise, you will install an Enterprise Root CA, which is a prerequisite for setting up an online certificate responder in the lab environment.

Exercise 2 - Managing Certificate Online Responder

For large organizations that maintain multi-tier Certification Authority (CA) servers spanning geographical locations, ensuring that issued certificates are valid or otherwise can prove a challenge. Traditionally, CA servers rely on Certificate Revocation Lists (CRLs) to manage the status of a certificate. This method is practical for CAs that issue a limited number of certificates. However, for companies that revoke certificates on a regular basis, checking a CRL as it grows requires additional bandwidth, because the list must be propagated to other servers. This can cause considerable delays as users and network applications wait longer for a response.

The Online Certificate Status Protocol (OCSP) makes managing issued certificates more efficient by offloading the CRL checking otherwise done on a CA server. Because CRLs are propagated by the CA server only at intervals, a server running the OCSP service can instead give real-time updates as to whether the certificate being used by an entity such as a web server is valid or otherwise.

Exercise 3 - Testing OCSP

In the previous exercise, you installed the Enterprise Root CA server, enabled support for OCSP on the existing CA server and ensured automatic enrollment for computer certificates.

You have successfully installed and configured the Online Certificate Status Protocol (OCSP) on a dedicated server and have demonstrated that the service is functional.

In this exercise, you will test the validity of the online responder by configuring a test web server, setting up the server for a computer certificate and finally verifying that the OCSP feature is working.

