Configure the Certificate Authority for NDES

4min

after installing adcs and deploying an enterprise ca, you now need to configure it for use with ndes you have one domain administrator account acting as a service account and must create an ndes user acting as the application pool account create the user perform the following steps to create the ndes application pool user and assign it to iis iusrs go to start > administrative tools > server manager , and select \[ tools ] select \[ active directory users and computers ] expand your domain name and right click users select new > user give your ndes user a name and select \[ next ] specify a password for the ndes user and select \[ next ] then, select \[ finish ] right click the user you just created and select \[ add to a group ] in the enter the object names to select box , type iis iusrs and select \[ ok ] right click your ndes user and select \[ properties ] go to the member of tab and verify that the user is added to the iis iusrs group create the certificate template perform the following steps to create the ndes certificate template go to start > administrative tools > server manager , and select \[ tools ] select \[ certification authority ] on the left toolbar, expand your domain and right click certificate templates then, select \[ manage ] locate the web server certificate template right click and select \[ duplicate template ] in general , give the certificate template a name (for example ndes encryption ) in subject name , select supply in the request in extensions , select application policies > edit and add both client authentication and server authentication in security , select \[ add ] and perform the following steps in the enter the object names to select box, enter the name of your ndes application pool user and select \[ ok ] give your ndes application pool user the read and enroll permissions for the certificate give your ndes service account full control in request handling , set the purpose to signature and encryption select the options include symmetric algorithms allowed by the subject and allow private keys to be exported select \[ apply ] to save your changes, and then select \[ ok ] deploy the certificate perform the following steps to deploy the ndes certificate go to start > administrative tools > server manager and select \[ tools ] select \[ certification authority ] expand your domain on the left toolbar and right click certificate templates then, select new > certificate template to issue select your ndes certificate you just created and select \[ ok ] for more information on installing and configuring active directory certificate services ndes, refer to the microsoft documentation

Install and configure AD CS

Configure Active Directory Certificate Services - NDES