Manually Request a PKI Certificate

This virtual lab teaches learners how to manually request a private key infrastructure (PKI) certificates for a device. Learners use the Windows Server 2016 Certificate Templates console and the Microsoft Management Console (MMC) to configure and issue certificates. Finally, lab participants backup certificate and private key information by exporting to a .pfx binary file type.

Beginners who have a rudimentary knowledge of server management and Windows Server Manager, have the background needed for successful lab completion. Learners must set enough time to go through all the lab modules in one sitting. The lab environment includes access to a virtual machine configured with a domain controller for Active Directory and an enterprise root certificate authority (CA).

Lab exercises walk users through securing computer infrastructure with PKI technology. Learners issue a certificate configured from a default workstation template and request and duplicate a computer certificate, in case a replacement is needed. This hands-on experience provides critical skills in handling network and information systems security, as PKI certificates provide standard user authentication, digital signatures, and data encryption implemented across many organizations and applications.

Understanding the Scenario:

In this IT Pro Challenge, you are a system administrator for a company that uses a public key infrastructure (PKI) to secure data systems and digital assets. You need to request a client authentication PKI certificate for a device manually. First, you configure a certificate template that allows private keys to export. Next, you use the MMC tool to request a computer certificate. Finally, you export the certificate and private key for backup purposes.

Configure a Custom Certificate Template:

In this lab section, learners duplicate a workstation authentication template and modify it to get the computer name from the Active Directory information and configure settings to complete the subsequent exercises. Then users enable the new custom workstation authentication template. Upon finishing this section, learners know how to issue a workstation certificate for many authentication purposes, such as networks, VPNs, and web servers.

Request a Computer Certificate Manually Using MMC:

Lab instructions, for this portion, show learners how to add the certificate snap-in to the MMC to view and manage certificate templates in one place. Then the user requests a certificate from the MMC from the template created in the previous lab section. To check their work, learners check for the new certificate in the Certificates console. Upon successful completion, learners know how to customize and test certificate creation for a server or any computer connected to the domain.

Export the Computer Certificate for Backup Purposes:

You use the MMC Certificate Export Wizard to export a newly issued certificate copy to the documents folder. The Wizard provides the option to export the private key with the certificate as the first lab section instructs how to set the certificate template to accept this request. You save the backup certificate, on the Windows platform, as a .pfx binary type, the most common format. Then you confirm a successful save. The lab guides the learner to secure the private key by reducing the risk of exposing the backup to other parties.

Summary:

At the end of this “Request a PKI Certificate Manually” challenge, you know how to issue, request, and manage a custom workstation authentication certificate. Your skills strengthen infrastructure security, fostering information sharing, and trust within an organization.