In part 1 of this series you configured your LAB for a two-tier PKI hierarchy running on Windows Server 2016. You used PowerShell to create the virtual machines, installed Windows Server 2016, Windows 10 Enterprise version 1803 and optionally Smoothwall 3.1, and then configured the IP address scheme and computer names on the virtual machines. Finally you configured Active Directory Domain Services (AD DS) on DC01 so that you have a working Domain Controller for the rest of this LAB. In part 2 you installed and did the initial configuration of the Standalone Offline Root CA. In this part you will prepare the HTTP web server for CDP and AIA publication. Before you get started with that, read below what a CDP and an AIA actually are.
What is a CDP?
A CDP (CRL Distribution Point) is a certificate extension that contains one or more URLs pointing to the Certificate Revocation List (CRL) published by the issuer of the certificate which is being verified (1).
The CRL distribution point is represented as one or more attributes on every certificate issued by the PKI. Each location can be a literal (local) file path, a UNC file share, an LDAP URL or an HTTP URL, and the locations are defined on the CA using variables (such as the CA name and the CRL name suffix) to simplify the configuration. Once defined, the CA publishes its CRLs, and delta CRLs if you choose to publish them, to those locations so that any computer checking the revocation status of a certificate the CA issued can retrieve them (2). In practice the HTTP location matters most: a domain-joined client can read the CRL from LDAP, but a non-domain client (a workgroup machine, a mobile device or an external partner) can only reach an HTTP URL, which is why this series dedicates a web server to CDP and AIA publication.
What is an AIA?
An AIA (Authority Information Access) is a certificate extension that contains links to the certificate of the issuer of the certificate which is being verified, so that a client can build the chain up to a trusted root even when it does not already have the issuing CA certificate. The same extension can also carry the URL of an OCSP responder for the issuing CA.
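To see what these two extensions look like on a real certificate, the following added example (not code from the windows-noob.com guide) reads the intermediate CA store on any Windows machine and lists the CDP and AIA URLs each certificate carries. The extension OIDs are the well-known values from RFC 5280; the store path is an assumption and you can pipe in any other certificate object instead.

```powershell
# Added example (not from the windows-noob.com guide): list the CDP and AIA URLs carried by a certificate.
# It reads the intermediate CA store, which usually holds certificates that carry both extensions.
# Adjust the store path or pipe in your own X509Certificate2 objects.
function Get-CdpAiaInfo {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    process {
        # Well-known extension OIDs from RFC 5280
        $cdpOid = '2.5.29.31'            # id-ce-cRLDistributionPoints
        $aiaOid = '1.3.6.1.5.5.7.1.1'    # id-pe-authorityInfoAccess

        $cdp = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq $cdpOid }
        $aia = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq $aiaOid }

        # Format($true) decodes the ASN.1 into readable multi-line text; pull the URLs out with a regex.
        # An AIA can list both the issuer certificate URL and an OCSP responder URL.
        $urlPattern = '(?i)(https?|ldap|file)://\S+'
        $cdpUrls = if ($cdp) { [regex]::Matches($cdp.Format($true), $urlPattern) | ForEach-Object Value } else { @() }
        $aiaUrls = if ($aia) { [regex]::Matches($aia.Format($true), $urlPattern) | ForEach-Object Value } else { @() }

        [pscustomobject]@{
            Subject      = $Certificate.Subject
            Issuer       = $Certificate.Issuer
            CDP          = $cdpUrls
            AIA          = $aiaUrls
            # A root CA certificate is self-signed and normally carries neither extension; that is expected.
            IsSelfSigned = ($Certificate.Subject -eq $Certificate.Issuer)
        }
    }
}

Get-ChildItem Cert:\LocalMachine\CA | Get-CdpAiaInfo | Format-List
```

Once your issuing CA is up later in this series, run the same function against a certificate it issued: the CDP and AIA values you see should be exactly the HTTP URLs served by the web server you are about to prepare, and every one of them should be reachable anonymously from a client.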
Step 1. Join the web server computer to the domain
When you installed the web server virtual machine (#11_Webserver) in part 1, it was joined to a workgroup. To join it to the domain, do as follows. Log on to the web server virtual machine as Administrator. In Windows File Explorer, right click on This PC and choose Properties. Click on Change settings beside Computer name, domain, and workgroup settings.
In the System Properties screen, click on Change.
In the Member of section select Domain and enter the domain name you configured in part 1.
Enter the credentials of an account that is permitted to join computers to the domain (eg: windowsnoob\administrator).
Click OK, and click OK again when prompted with the welcome message.
Click OK, click Close and then click Restart Now.
After the reboot, log in to the domain as windowsnoob\administrator.
Alternatively, to join the domain automatically, use the joindomain.ps1 PowerShell script which you can download from here.
1. Copy the script to C:\Scripts on the webserver.
2. Edit the variables (lines 16-18) as desired before running.
3. Start Windows PowerShell ISE as Administrator and run the script by clicking on the green triangle.
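If you prefer to see what an automated join involves, the following is an added example and not the joindomain.ps1 script from the guide. It performs the same domain join from an elevated PowerShell prompt on the web server, with the checks a practitioner would want before and after: it refuses to run twice, verifies DNS can find a domain controller before attempting the join, and leaves you with the commands that confirm the machine's trust relationship after the reboot. The DNS name windowsnoob.lab is an assumption (the guide only shows the NetBIOS name windowsnoob); replace it with the domain name you configured in part 1.

```powershell
# Added example, not the joindomain.ps1 script from the guide: join the web server to the lab domain
# from an elevated PowerShell prompt, with the checks you would want before and after the join.
# Assumption (not stated in the guide): the domain's DNS name is 'windowsnoob.lab'; change it to the
# name you configured in part 1. The NetBIOS domain 'windowsnoob' is taken from the guide.
$DomainFqdn  = 'windowsnoob.lab'
$DomainAdmin = 'windowsnoob\administrator'

$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if ($cs.PartOfDomain) {
    Write-Host "$($cs.Name) is already a member of $($cs.Domain); nothing to do."
}
else {
    # A domain join fails with unhelpful errors when DNS is wrong, so prove the DC locator SRV records
    # resolve first. This requires the DNS client to point at DC01 as configured in part 1.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainFqdn" -Type SRV -ErrorAction Stop
    Write-Host "Domain controllers for ${DomainFqdn}: $($srv.NameTarget -join ', ')"

    # Prompt for the join account rather than embedding a password in the script.
    $cred = Get-Credential -UserName $DomainAdmin -Message "Account allowed to join computers to $DomainFqdn"

    # -Force suppresses the confirmation prompt; -Restart reboots on success, which the join requires anyway.
    Add-Computer -DomainName $DomainFqdn -Credential $cred -Force -Restart
}

# After the reboot, log on as windowsnoob\administrator and confirm the machine account's secure
# channel to the domain is healthy before moving on to configuring the web server:
#   Test-ComputerSecureChannel -Verbose          # True when the trust relationship with the domain is good
#   (Get-CimInstance Win32_ComputerSystem).Domain # should show the domain, not WORKGROUP
```

Run it from Windows PowerShell ISE or a console started as Administrator, exactly as the guide does for joindomain.ps1; the Add-Computer step will fail with an access denied error if the prompt is not elevated.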
You can read the rest of this guide @ windows-noob.com here