Example of AD CS operations with the KMES Series 3
This section provides examples of viewing the Windows Certificate Store and signing a certificate by using AD CS on the KMES.
Use the following command to view the CA certificate store. The LDAP URI depends on the Active Directory domain for your organization (such as fx.futurex.com) and the CA name (such as fx-FXCA).
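The sketch below is an added example, not the command from the original page or from Futurex. It builds the LDAP URI from the two inputs named above and passes it to `certutil -viewstore`. The function name `Get-CaCertStoreUri` is hypothetical, and the example assumes the CA certificate is published under the `Certification Authorities` container of the configuration partition.

```powershell
# Added example: derive the CA certificate store URI from the AD domain and CA name.
function Get-CaCertStoreUri {
    param(
        [Parameter(Mandatory)][string]$DomainDnsName,  # such as fx.futurex.com
        [Parameter(Mandatory)][string]$CaName          # such as fx-FXCA
    )

    # Each DNS label becomes one DC= component:
    # fx.futurex.com -> DC=fx,DC=futurex,DC=com
    $labels = $DomainDnsName.Trim('.').Split('.')
    foreach ($label in $labels) {
        if ($label -notmatch '^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$') {
            throw "Invalid DNS label '$label' in '$DomainDnsName'"
        }
    }
    $dc = ($labels | ForEach-Object { "DC=$_" }) -join ','

    # Accept only a conservative character set. AD CS stores CA names that
    # contain other characters under a sanitized name, which this example
    # does not compute, so such names are rejected instead of guessed at.
    if ($CaName -notmatch '^[A-Za-z0-9 ._-]+$') {
        throw "CA name '$CaName' contains characters this example does not handle"
    }
    $cn = $CaName -replace ' ', '%20'   # spaces must be percent-encoded in a URI

    # ${} delimiters keep '?' and ',' from being parsed as part of a variable name.
    "ldap:///CN=${cn},CN=Certification Authorities,CN=Public Key Services," +
    "CN=Services,CN=Configuration,${dc}" +
    "?cACertificate?base?objectClass=certificationAuthority"
}

# Sample values taken from the text above; replace with your own domain and CA name.
$uri = Get-CaCertStoreUri -DomainDnsName 'fx.futurex.com' -CaName 'fx-FXCA'
Write-Host "Viewing CA certificate store at: $uri"

# certutil -viewstore opens the certificates found at the URI in a viewer dialog.
certutil -viewstore $uri
```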
Between tests you might choose to clear the certificate store by using a command similar to the following:
The following steps demonstrate one way to test using the KMES Series 3 to sign a certificate for the CA server.
- Open the Certificate Manager on the CA server.
- Right-click Personal and select All Tasks > Request New Certificate.
- In the Certificate Enrollment window, select [ Next ].
- In the Certificate Enrollment Policy window, choose a certificate enrollment service associated with the CA server, such as Active Directory Enrollment Policy for an Enterprise CA. Select [ Next ].
- In the Request Certificates window, choose a certificate template and select [ Enroll ].
If the connection to the KMES succeeds, you receive a success message. If the KMES is offline, you will receive an error.
To locate the certificate that you issued, perform the following steps:
- Open the Active Directory Certificate Authority tool from the Server Manager.
- Expand the node associated with your CA common name.
- Select [ Issued Certificates ].
A certificate matching your request displays on this page.