Monday, November 10, 2008

Building your own CA infrastructure with Windows 2003

This post explains how you can build your own Certification Authority [CA] with Windows 2003.

I have explained the same in my previous post - but with OpenSSL.

1. First make sure that you have installed Certificate Services.

2. Select stand-alone root CA.

3. Set private/public key pair for the CA.

4. Set certificate database settings.

5. Done. Your CA is ready to issue certificates.

Let's create a private/public key pair for a server and generate a certificate signing request [CSR] for it.

[SAMPLE]>keytool -genkey -alias wso2wsas -keyalg RSA -keystore wso2wsas.jks

[SAMPLE]>keytool -certreq -keystore wso2wsas.jks -alias wso2wsas -file wso2wsas.cert.req

The above will generate the CSR, wso2wsas.cert.req, which we can submit to the CA we just created to get it signed.

1. Go to Control Panel --> Certification Authority.

2. Right click on WSO2CA --> All Tasks --> Submit New Request --> Submit the file wso2wsas.cert.req.

3. Now, you'll find the submitted request under 'Pending Requests'.

4. Right click on it --> All Tasks --> Issue.

You'll find the signed certificate under 'Issued Certificates'.
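
The same submit-and-issue steps can be scripted with the certreq and certutil tools that ship with Windows; the following is an added example, not part of the original post, and it goes one step further by importing the result back into the keystore. CAHOST is a placeholder for your CA server's host name, and ca.cer, wso2wsas.cer and the alias wso2ca are names chosen for this example.

```powershell
# Added example: command-line equivalent of the GUI steps above.
# Assumptions: CAHOST is a placeholder host name; WSO2CA is the CA name used
# in the post; ca.cer, wso2wsas.cer and the alias wso2ca are example names.
# Run as an account allowed to manage the CA, in the folder holding the CSR.
$CaConfig = 'CAHOST\WSO2CA'
$Csr      = 'wso2wsas.cert.req'
$Cert     = 'wso2wsas.cer'
if (Test-Path $Cert) { throw "$Cert already exists; move it aside first" }

# 1. Inspect the CSR before submitting it: confirm the subject, key algorithm
#    and key length are what you intend the CA to certify.
certutil -dump $Csr
if ($LASTEXITCODE -ne 0) { throw "CSR did not parse: $Csr" }

# 2. Submit the request and capture the RequestId from certreq's output.
$out = certreq -submit -config $CaConfig $Csr $Cert
$m = $out | Select-String 'RequestId:\s*"?(\d+)' | Select-Object -First 1
if (-not $m) { throw "No RequestId in certreq output:`n$($out -join "`n")" }
$RequestId = $m.Matches[0].Groups[1].Value

# 3. If the CA left the request pending (no certificate file was written),
#    issue it and then fetch the signed certificate.
if (-not (Test-Path $Cert)) {
    certutil -config $CaConfig -resubmit $RequestId
    if ($LASTEXITCODE -ne 0) { throw "Could not issue request $RequestId" }
    certreq -retrieve -config $CaConfig $RequestId $Cert
}
if (-not (Test-Path $Cert)) { throw "No certificate for request $RequestId" }

# 4. Export the CA's own certificate. The verb is quoted so PowerShell does
#    not split '-ca.cert' at the dot.
certutil -config $CaConfig '-ca.cert' ca.cer

# 5. Import the CA certificate first, then the signed server certificate
#    under the same alias as the key pair, so keytool can build the chain.
keytool -import -trustcacerts -alias wso2ca -file ca.cer -keystore wso2wsas.jks
keytool -import -alias wso2wsas -file $Cert -keystore wso2wsas.jks
```

keytool prompts for the keystore password at each import and asks you to confirm trust in the CA certificate; compare the fingerprint it shows with the one on the CA before answering yes.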