Designing a Public Key Infrastructure Copyright  2002 Microsoft Corporation. All Rights Reserved. Tasks Detailed Steps Important: Perform the following procedures at both partner computers. 1. Log on to your domain as certcomputer (where computer is the NetBIOS name of your computer) with password of password. a. Log off the current user. b. Log on to the network with the following credentials: User name: certcomputer (where computer is the NetBIOS name of your computer) Password: password Log on to: domain (where domain is the NetBIOS name of your domain). 2. Load the Certificates console in MMC. c. On the Start menu, click Run, type mmc and then press ENTER. d. On the Console menu, click Add/Remove Snap-in. e. In the Add/Remove Snap-in dialog box, click Add. f. On the Add Standalone Snap-in dialog box, click Certificates click Add, and then click Close. g. Click OK to close the Add/Remove Snap-in dialog box. h. On the Console menu, click Save As. i. In the Save As dialog box, type Certificate Management in the File name box, and then click Save. Designing a Public Key Infrastructure Copyright  2002 Microsoft Corporation. All Rights Reserved. Tasks Detailed Steps 3. Request a new certificate named Web Client that uses Microsoft Base Cryptographic Provider v1.0 as the cryptographic service provider and that uses the CA from your domain as the certification authority. j. In the console tree, expand Certificates – Current User, and then select Personal. k. Right-click Personal, point to All Tasks, and then click Request New Certificate. l. In the Certificate Request wizard, click Next. m. In the Certificate Template page, select Advanced options, and then click Next. n. Accept the default (Microsoft Base Cryptographic Provider v1.0) on the Cryptographic Service Provider page, and then click Next. o. In the Certification Authority page, click Browse. p. In the Select Certification Authority dialog box, select the CA from your domain, and then click OK. q. In the Certification Authority page, verify the CA and computer names, and then click Next. r. In the Certificate Friendly Name and Description page, in the Friendly name box, type Web Client and then click Next. s. Click Finish. 4. View and install the certificate. t. In the Certificate Request Wizard dialog box, click View Certificate. Can this certificate be used to authenticate with a Web-based application? Why or why not? Yes. The certificate can be used to prove your identity to a remote computer. The certificate can also be used to encrypt data on a disk and to protect e-mail messages. 4. (continued) u. Click OK to close the Certificate dialog box. v. In the Certificate Request Wizard dialog box, click Install Certificate. w. Click OK. Designing a Public Key Infrastructure Copyright  2002 Microsoft Corporation. All Rights Reserved. Tasks Detailed Steps 5. Verify the installation of the certificate. x. In the console tree, expand Personal, and then click Certificates. y. In the details pane, double-click the Certcomputer certificate. z. Click the Certification Path tab. What is the certification path for the certificate? EnterpriseCA =>Your Domain CA =>Web Client 5. (continued) aa. Click OK. 6. Export the certcomputer certificate by using Base-64 encoded binary X.509 format to a file named c:\export.cer bb. In the details pane, right-click the certcomputer certificate, point to All Tasks, and then click Export. cc. In the Certificate Export wizard, click Next. dd. In the Export Private Key page, click Next. ee. In the Export File Format page, select Base-64 encoded x.509 (.CER), and then click Next. ff. In the File to Export page, type c:\export and then click Next. gg. Click Finish. hh. In the Certificate Export Wizard message box, click OK to confirm the export. ii. Close all windows and log off. Designing a Public Key Infrastructure Copyright  2002 Microsoft Corporation. All Rights Reserved. Tasks Detailed Steps Why was the Base-64 encoded binary x.509 certificate format selected? Certificate mapping that uses an import file requires that the import file be a text-based (ASCII) version of the certificate. What security risk is involved with this step? The certificate file must be securely transported to the Web server so that the certificate can be mapped to a user account. . Add/Remove Snap-in. e. In the Add/Remove Snap-in dialog box, click Add. f. On the Add Standalone Snap-in dialog box, click Certificates click Add, and then. Add/Remove Snap-in dialog box. h. On the Console menu, click Save As. i. In the Save As dialog box, type Certificate Management in the File name box, and