Monday, 26 January 2015

DA Step-2 Configuring the Network Location Server

Implementing Microsoft DirectAccess Step by Step: Part 3

The website used for the network location server (NLS) needs to support HTTPS and can be any website that is available internally, although it is a best practice that it be highly available. For the purpose of this scenario, the server WEBMO will be used to host the NLS Web site. To complete the NLS configuration, the first task is to ensure that the web server hosting the NLS Web site has a valid server authentication (SSL) certificate with a customized subject and alternative name for the network location URL. Use the following steps to complete this task:

1. On DirectAccess click Start, type mmc, and then press ENTER.

2. Click File, and then click Add/Remove Snap-in.

3. Click Certificates, click Add, select Computer account, click Next, select Local computer, click Finish, and then click OK.

4. In the console tree of the Certificates snap-in, expand Certificates (Local Computer)\Personal.

5. Right-click Certificates, point to All Tasks, and then click Request New Certificate.

6. Click Next twice.

7. On the Request Certificates page, click Web Server 2008, and then click more information is required to enroll for this certificate.

8. On the Subject tab of the Certificate Properties dialog box, in Subject name, for Type, select Common Name.

9. In Value, type nls.example.local, and then click Add.

10. In Alternative name, for Type, select DNS.

11. In Value, type nls.example.local, and then click Add.

12. Click OK, click Enroll, and then click Finish.


Note
Step 7 assumes that the Web Server 2008 certificate template was created beforehand. For the purpose of this scenario, the Web Server 2008 template was a version 3 template that was duplicated from the version 1 Web Server template. The permissions for the Web Server 2008 certificate template were modified to allow Domain Computers to enroll for certificates based on this template, and the private key can be exported. Lastly, the subject name and subject alternative name of a certificate can be specified during the request.

Once the certificate has been installed, the next task is to install the Web Server (IIS) role and configure the HTTPS security binding on the default Web site. Use the following steps to complete this task:

1. In the console tree of Server Manager, click Roles. In the details pane, click Add Roles, and then click Next.

2. On the Select Server Roles page, select the Web Server (IIS) check box, and then click Next three times.

3. Click Install.

4. Verify that all installations were successful, and then click Close.

5. Next, in Server Manager expand Web Server (IIS) and select Internet Information Services (IIS) Manager.

6. Next, expand WEBMO\Sites, and then click Default Web site.

7. In the Actions pane, click Bindings.

8. In the Site Bindings dialog box, click Add.

9. In the Add Site Binding dialog box, in the Type list, click https. In SSL Certificate, click the certificate with the name nls.example.local. Click OK, and then click Close.
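
Once both procedures are complete, the result can be checked from PowerShell. The script below is an added example, not part of the original walkthrough: it reads each certificate bound under IIS and confirms the common name, DNS alternative name, Server Authentication usage, private key and validity dates. It assumes the WebAdministration module installed with the IIS role, an English-language OS (for the "DNS Name=" label), and the site name 'Default Web Site'; the function name Test-NlsCertificate is hypothetical.

```powershell
# Added verification example; run elevated on the web server that hosts the NLS site.
Import-Module WebAdministration

$nlsName  = 'nls.example.local'   # name typed into the Subject and Alternative name fields
$siteName = 'Default Web Site'    # assumed name of the site that received the https binding

function Test-NlsCertificate {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [string]$Name
    )
    $now = Get-Date
    # Subject alternative name extension (OID 2.5.29.17). The "DNS Name=" label is
    # what English-language Windows prints; this is an assumption about the OS locale.
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sanText = if ($san) { $san.Format($false) } else { '' }
    # Enhanced key usage must include Server Authentication (1.3.6.1.5.5.7.3.1).
    $eku = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $serverAuth = @($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.1' })

    New-Object PSObject -Property @{
        Thumbprint    = $Cert.Thumbprint
        CommonNameOk  = ($Cert.GetNameInfo('SimpleName', $false) -eq $Name)
        SanDnsOk      = ($sanText -match ('DNS Name=' + [regex]::Escape($Name) + '(,|$)'))
        ServerAuthOk  = ($serverAuth.Count -gt 0)
        HasPrivateKey = $Cert.HasPrivateKey
        InValidity    = ($Cert.NotBefore -le $now -and $Cert.NotAfter -gt $now)
    }
}

if (-not (Get-WebBinding -Name $siteName -Protocol https)) {
    Write-Warning "No https binding found on '$siteName'."
}

# Each entry under IIS:\SslBindings records the certificate store and thumbprint in use.
foreach ($b in Get-ChildItem IIS:\SslBindings) {
    $cert = Get-Item "Cert:\LocalMachine\$($b.Store)\$($b.Thumbprint)" -ErrorAction SilentlyContinue
    if (-not $cert) {
        Write-Warning "Port $($b.Port): bound certificate not found in LocalMachine\$($b.Store)."
        continue
    }
    Test-NlsCertificate -Cert $cert -Name $nlsName |
        Add-Member -MemberType NoteProperty -Name Port -Value $b.Port -PassThru
}
```

Any property that reports False identifies the part of the certificate request or binding to redo.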
