MOAC 70-412: Configuring Advanced Windows Server 2012 Services

Lab 20

Managing Certificates

This lab contains the following exercises and activities:

Exercise 20.1 / Importing and Exporting Digital Certificates
Exercise 20.2 / Creating a New User Certificate Template
Exercise 20.3 / Requesting a Certificate
Exercise 20.4 / Configuring Autoenrollment
Exercise 20.5 / Enabling Enrollment Agents
Lab Challenge / Configuring the Key Recovery Agent

Exercise 20.1 / Importing and Exporting Digital Certificates
Overview / In this exercise, export a digital certificate, delete the certificate that you exported, and then restore the certificate by importing the certificate.
Completion time / 20 minutes

28. Take a screen shot of the Certificates console by pressing Alt+Prt Scr and then paste it into your Lab 20 worksheet file in the page provided by pressing Ctrl+V.

[copy screen shot over this text]

Exercise 20.3 / Creating a New User Certificate Template
Overview / In this exercise, create a new user certificate, and make that certificate available to other users.
Completion time / 20 minutes

Mindset Question: What permissions are required in order to request a certificate?

Question 1 / What version is the User template?
Question 2 / What is the default validity period?

Exercise 20.4 / Requesting a Certificate
Overview / In this exercise, configure web requests for certificates and request certificates manually and with the web interface.
Completion time / 35 minutes

Mindset Question: What are the different ways to request a certificate?

16. When the roles have been configured, take a screen shot of the AD CS Configuration page by pressing Alt+Prt Scr and then paste it into your Lab 20 worksheet file in the page provided by pressing Ctrl+V.

[copy screen shot over this text]

Requesting a Certificate Using the Certificate Console

9. Take a screen shot of the Internet Explorer window by pressing Alt+Prt Scr and then paste it into your Lab 20 worksheet file in the page provided by pressing Ctrl+V.

[copy screen shot over this text]

Exercise 20.5 / Configuring Autoenrollment
Overview / In this exercise, you will configure group policies to perform autoenrollment of digital certificates.
Completion time / 10 minutes

Mindset Question: Which version of digital certificate is required for autoenrollment?

Exercise 20.6 / Enabling Enrollment Agents
Overview / In this exercise, you will configure enrollment agents, which can be used to create digital certificates for other users.
Completion time / 30 minutes

Mindset Question: What is a common reason that you would use an enrollment agent?

Question 3 / Jay Bronze has a digital certificate. What template does the certificate use and how was the certificate created for Jay Bronze?

Lab Review Questions

Completion time / 10 minutes

1. In Exercise 20.1, when exporting a certificate, what format also exports the private key?

2. In Exercise 20.2, how do you ensure that a newer template will replace the older templates?

3. In Exercise 20.3, what various methods can assign a digital certificate to a user?

4. In Exercise 20.4, what did you use to perform autoenrollment?

5. In Exercise 20.5, how do you make a user an enrollment agent?

Lab Challenge / Configuring the Key Recovery Agent
Overview / To complete this challenge, you will describe how to configure the Key Recovery Agent by writing the steps for the following scenario.
Completion time / 10 minutes

You want to enable the Key Recovery Agent for the contoso.com domain. What are the primary steps in performing key archival, and what tool do you use to perform each step? Then specify the steps to actually recover a certificate.

Write out the steps you performed to complete the challenge.