Windows Server Verify OCSP And Certificates Using PKIVIEW and CERTUTIL
Windows Server 2016 and previous versions gave users the option to set up their own Certificate Authority, and also provided a certificate verification role/service. This video shows how to use pkiview.msc and certutil.exe to check that your corporate or LAN OCSP service is running and that all certificates are OK. It also shows that Windows Server can be used for servers and clients with self-signed certificates, without the need to purchase certificates. Purchasing a certificate does make the task easier and less restrictive, but this method is good too!
Transcript (machine generated so it contains errors)
Hello all, hello, a very good day to you. In this video we are basically going to show you how to actually verify that your OCSP responder is working and that the certificates that you generate within your CA system are valid, okay. We did a couple of videos some time back showing how to use your own CA and generate self-signed certificates, et cetera, okay, not buying certificates outside, and using them internally within your own LAN environment, within your corporate environment.
Okay, let's start off with the very basics. In the description you should see links to our previous two videos, where we created our root CA system and then we created certificates and we also their hands a VPN. So the first thing to do is to look at PKIView. To get there is very simple: pkiview.msc, if you spell it right, and that will bring it in. Then you open this up, and as you can see, all we have over here is what we created from before, and our certificates are okay. If you want, you can look at them.
They are all happy: OCSP location is working fine, everything is good, CA certificate is good, delta is all good. What you may also want to do is go over here and then type in mmc, run that, and then add in your Certificates snap-in. So basically Certificates, computer account, next, finish, okay, and you will see that we do have our VPN certificates created.
Okay, we can choose any one of them. The Server Authentication one, for example, and we would right-click, come to All Tasks, Export. With all exports, it is with the private key or without the private key. In this instance we'll just do without the private key. It is a very simple, straightforward thing here as a spirit, and very simply give it any name you want; we'll give it crt. Nothing special, save it to the desktop, that's fine, finish. Export was successful. What we will do, and the reason why we save to the desktop first and then bring it to the C drive, is just for simplicity, rather than me having to type in a lot in PowerShell. Okay, so let's just go to PowerShell, and all I have to do in this case is cd \, C drive.
I can see the cert. Okay, now you are using certutil -URL and the file name, which is .CER. Now, as you can see, it's a verified certificate: verified under OCSP, CRLs also verified. So as you can see, our self-signed CA system can run happily on Windows Server within your internal LAN, even your external LAN. There are only a few restrictions to add, well, actually not restrictions, just a little bit of extra steps: your root certificate, okay, that you create when you set it up needs to be installed on the client computers. The computers outside of your internal LAN, well, even if they're inside your LAN, it still needs to be installed on them. Another issue that needs to be considered is basically those client computers that are trying to log into your corporate environment. Either you have a public, shall we say, address where DNS is resolvable, or if it is all behind a firewall, all internal, and you have opened up on your firewall a certain route in, what you will need to do is ensure that those client computers' DNS is able to actually resolve this server's address.
Now, when we set ours up, we went with all internal addresses, 192.168, so you would need to, either in the hosts file or something, give a route back to this server. That's the way the certificates are verified and your entire system will work out. It is only an extra couple of steps; however, it is quite simple, and once you've done this you've actually got an entire CA system running where you can create your own certificates for software, for your web servers, for your VPN, et cetera, et cetera, for users, clients, all that. So hopefully this video has helped, and thank you for watching.
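The check described in the transcript (export the certificate without its private key, then verify it against OCSP and the CRLs), as an added PowerShell example that is not from the video or its author. It replaces the interactive certutil -URL dialog with certutil -verify -urlfetch and adds the DNS check the speaker mentions; the file name C:\vpn-server.cer and the choice of the first Server Authentication certificate in the computer account's Personal store are assumptions.

```powershell
# Added example, not from the video. Run in an elevated PowerShell session on a
# machine that already trusts the internal root CA.
# Assumptions: hypothetical output path; certificate selected by Server Authentication EKU.

$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$aiaOid        = '1.3.6.1.5.5.7.1.1'   # Authority Information Access (OCSP / CA issuers URLs)
$cdpOid        = '2.5.29.31'           # CRL Distribution Points
$outFile       = 'C:\vpn-server.cer'   # hypothetical file name

# Pick a certificate from Certificates (Local Computer) > Personal.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.EnhancedKeyUsageList.ObjectId -contains $serverAuthOid } |
    Select-Object -First 1
if (-not $cert) { throw 'No Server Authentication certificate found in LocalMachine\My.' }

# Export the public certificate only (DER .cer); the private key never leaves the store.
Export-Certificate -Cert $cert -FilePath $outFile -Type CERT | Out-Null

# Collect the OCSP, CA issuer and CRL URLs the client will have to reach.
$urls = foreach ($ext in $cert.Extensions | Where-Object { $_.Oid.Value -in $aiaOid, $cdpOid }) {
    [regex]::Matches($ext.Format($true), 'URL=(\S+)') | ForEach-Object { $_.Groups[1].Value }
}

# A client that cannot resolve these host names cannot check revocation,
# which is why the hosts-file or DNS entry is needed for an internal-only CA.
foreach ($url in $urls | Sort-Object -Unique) {
    $uri = [uri]$url
    if ($uri.Scheme -notin 'http', 'https') { continue }   # skip ldap:// entries
    $resolved = [bool](Resolve-DnsName -Name $uri.DnsSafeHost -ErrorAction SilentlyContinue)
    '{0,-9} {1}' -f $(if ($resolved) { 'resolves' } else { 'NO DNS' }), $url
}

# Build the chain and fetch OCSP responses and CRLs from the URLs in the certificate.
certutil.exe -verify -urlfetch $outFile
if ($LASTEXITCODE -ne 0) {
    Write-Warning "certutil returned exit code $LASTEXITCODE; review the chain and revocation output above."
}
```

Running the same script on a client computer shows whether that client, rather than the CA server itself, can resolve and reach the revocation URLs.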