In this lab, we will explore the properties of different kinds of digital certificates and use Windows to request, issue, and revoke certificates.
we will need the following virtual machines: Windows 2016-DC, Windows 2016-MS, Windows 10-WS and RT-LAN turned on.
EXERCISE 1 – Exploring the Certificate Server
Now lets switch into Windows 2016-DC and go in Server Manager > Tools > Certification Authority
and then view the certificate, note the root certificate (“Certificate #0”). Note also the identity of the cryptographic provider (“Microsoft Software Key Storage Provider”)
Now examine all the fields and we looked on each field and from the Lab file understood what each field meant.
After that Close that dialog box and click on Extensions tab. Note the locations of Certificate Revocation Lists (CRLs).
Then Close the dialog box and then In the “Certification Authority” console, expand the server classroom-CA to view the subfolders.
Now, Select the Certificate Templates folder.
EXERCISE 2 – Requesting and Revoking Certification
In this exercise, we will request a certificate for the WIN2016-MS member server and use it to configure a secure web service. Then we will explore options for revoking the certification.
Now lets switch to Windows 10-WS in classroom\Administrator account and open run dialog, type https://win2016-
ms.classroom.local and click OK.
Now let’s Switch to the WIN2016-DC VM and observe the web server certificate in the Issued Certificates folder.
Now, Press Start+R to open the “Run” dialog then type certsrv.msc /e and press Enter. See what happens
After that switch to WIN10-WS VM and go to https://updates.classroom.local again. Is any warning displayed? NO error displayed
CT & A
The main purpose for the lab was to create a scenario in which you secure your files and documents from specific users if the key or certificate has been deleted or tampered then it demonstrates how to recover the certificate / key which can be quite difficult sometimes but you should know how to obtain that. It is really important to know how to do and recover the key.
Problems
Few problems i had with this lab but i found solutions to them which was adding that local site as trusted site as mentioned earlier and also learned if the local website doesn’t work in the recommended browser then you might have to try something old school (IE browser) to resolve the problems. The main part was the end part of lab where i have to retrieve the key through CMD but somehow it didn’t worked for me mystery unsolved but i’m sure i follow the guide and do the lab again i can do it.
Imagine in IT 