MS Win 2008 Server - PKI installation

This information is written in English only

Installation and configuration of CA, AD and CRL

This guide describes the steps for installing and configuring a Microsoft PKI infrastructure with its belongigs to support Buypass Access Manager - the LRA client.

The document is for technical personnel with knowledge of installing and configuring Windows Server 2008, Active Directory and understanding of basic PKI principles.

General requirements

Before installing the Microsoft CA, you need the following requirements:

• An established Microsoft Active Directory database
• Windows Server 2008 Enterprise media
• Windows Server 2008 Standard media
• Access to CA root server certificate
  • Only applies to installing a issuing CA in an existing Microsoft PKI Infrastrucure
• Access to CRL list from Root CA
• Enterprise admin permission in the domain
• Access to a LRA client computer with 2 Smartcard readers
• Buypass Access Enteprise license

Hardware requirements

You need the following servers - the servers can be virtualized if wanted:

• Root CA: Microsoft Server 2008 Standard
• Issuing CA: Microsoft Server 2008 Enterprise
• CRL Server: Windows Server 2008 Web edition

Installation of Microsoft Active Directory

To install and configure a Microsoft PKI infrastructure you require a Microsoft Active Directory. This and the next sections will only cover an excample of installation and configuration made in Buypass TEST environment.

AD DS Lab environment

Domain: bplab01.local
Domain functional level: Windows Server 2008

DNS

DNS records will automatically be created at the server that joins the domain. Other DNS records for internal and external zones have to be created manually.

Next >>