EAP-TLS, PEAP-MSCHAPv2, and LDAP/TLS require a digital certificate to be installed on your RADIUS server. The certificate provides authentication, encryption, and validation. Follow the steps below to create an offline certificate request on your Windows server when obtaining a certificate from a commercial or standalone Certificate Authority.
1. Log in to your Windows server running IAS or NPS (RADIUS Server).
2. Launch the Microsoft Management Console (mmc.exe).
3. Select File menu > Add/Remove Snap-in.
4. Choose Certificates from Available Snap-ins and click Add.
5. Choose Computer account for snap-in management and click Next.
6. Choose Local computer to use the snap-in on the current computer and click Finish.
7. When back at the Add or Remove Snap-ins dialog, click OK.
1. From the Certificate manager console, navigate to Certificates (Local Computer) > Personal > Certificates. Right-click Certificates, navigate to All tasks > Advanced options, and select Create custom request.
2. The Certificate Enrollment Wizard will open. Review the Before You Begin section and click Next.
3. Leave the default "No template" option for Custom request and click Next.
4. On Certificate Information, expand Details, then click the Properties button.
5. When Certificate Properties opens to the General tab, fill out the Friendly name and Description values. These values are not required but are useful for distinguishing your certificate among other installed certificates.
6. Select the Subject tab. Add values to the Subject name and Alternative name attributes. To add the attributes, select an attribute Type from the drop-down, enter the correct Value, and then click Add. Below are the values that should be filled out:
7. Select the Extensions tab, expand Key usage, select Digital signature and Key encipherment from the Available options, and click Add to place them in Selected options. The Make these key usages critical box is checked by default.
8. On the Extensions tab, expand Extended Key Usage (application policies), select Server Authentication and optionally Client Authentication from the Available options, and click Add to place them in Selected options.
9. Select the Private Key tab. Expand Cryptographic Service Provider. For Select cryptographic service provider, make sure RSA, Microsoft Software Key Storage Provider is the only box checked. Expand Key options and select 2048 in the Key size drop-down.
10. On the Private Key tab, expand Select Hash Algorithm. For the Hash Algorithm drop-down, select sha1, which is the only hashing compatible with dynamic keying, and then click OK.
11. On the "Where do you want to save the offline request?" page, give your certificate request file a name and save it to a location on your computer. In the example below, the certificate request file is named certreq711 and it is saved at the root of C:. Make sure the File format is set to Base 64 and then click Finish.
12. After creating your certificate request, you will need to submit it to a Certificate Authority so they can process your request and issue a certificate. The certificate request is a text file. Usually, you are required to copy the text from the file and enter it into an online submission form on the Certificate Authority website. You will need to contact your Certificate Authority directly for instructions on the process for submitting your certificate request. Follow the certificate request submission instructions provided by your Certificate Authority. Once your CA has processed your request and issued the certificate, download it to your server so it can be imported.
Once your CA has provided you the certificate, please refer to Microsoft documentation for instructions on how to import the certificate.
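The request that the wizard steps above produce can also be generated from an elevated PowerShell prompt with certreq.exe and an INF file. This is an added example, not part of the original procedure; the host name radius.example.com, the friendly name, the scratch INF path and the .req file extension are assumptions.

```powershell
# Added example: builds the same offline request with certreq.exe.
# Run elevated on the NPS/IAS server. Assumed values are marked below.
$fqdn    = 'radius.example.com'                  # assumption: placeholder for the server FQDN
$infPath = Join-Path $env:TEMP 'radius-csr.inf'  # assumption: scratch location for the INF
$reqPath = 'C:\certreq711.req'                   # name from the page; .req extension assumed

if (Test-Path $reqPath) { throw "$reqPath already exists; refusing to overwrite it." }

# [NewRequest] mirrors the wizard tabs: General (FriendlyName), Subject,
# Extensions (KeyUsage 0xa0 = Digital signature 0x80 + Key encipherment 0x20),
# Private Key (software KSP, 2048-bit RSA, sha1 as the page specifies).
# MachineKeySet = TRUE keeps the key pair in the Local Computer store.
# The two OIDs are Server Authentication and (optional) Client Authentication.
$inf = @"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject       = "CN=$fqdn"
FriendlyName  = "RADIUS server certificate"
RequestType   = PKCS10
MachineKeySet = TRUE
ProviderName  = "Microsoft Software Key Storage Provider"
KeyAlgorithm  = RSA
KeyLength     = 2048
HashAlgorithm = sha1
KeyUsage      = 0xa0

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1
OID = 1.3.6.1.5.5.7.3.2

[Extensions]
2.5.29.17 = "{text}"
_continue_ = "dns=$fqdn&"
"@

Set-Content -Path $infPath -Value $inf -Encoding ASCII
certreq.exe -new $infPath $reqPath
if ($LASTEXITCODE -ne 0) { throw "certreq -new failed with exit code $LASTEXITCODE" }

# Confirm the file is a Base64 PKCS#10 request before sending it to the CA.
$first = Get-Content -Path $reqPath -TotalCount 1
if ($first -notmatch 'BEGIN NEW CERTIFICATE REQUEST') { throw "Unexpected format: $reqPath" }

# Review subject, alternative name, key size, key usage and EKU in the dump.
certutil.exe -dump $reqPath
```

Only the request file goes to the CA; the private key stays on the server with the pending request.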
Internet Information Services (IIS) is a flexible, general-purpose web server from Microsoft that runs on Windows systems to serve requested HTML pages or files. An IIS web server accepts requests from remote client computers and returns the appropriate response. This basic functionality allows web servers to share and deliver information across local area networks (LAN), such as corporate intranets, and wide area networks (WAN), such as the Internet. A web server can deliver information to users in several forms, such as static webpages coded in HTML; through file exchanges as downloads and uploads; and text documents, image files and more.
Web servers provide portals
Modern web servers can provide far more functionality for a business and its users. Web servers are often used as portals for sophisticated, highly interactive, web-based applications that tie enterprise middleware and back-end applications together to create enterprise-class systems. For example, Amazon Web Services allows users to administer public cloud resources through a web-based portal. Meanwhile, streaming media services, such as Spotify for music and Netflix for movies, deliver real-time streaming content through web servers.
How IIS works
IIS works through a variety of standard languages and protocols. HTML is used to create elements such as text, buttons, image placements, direct interactions/behaviors and hyperlinks. The Hypertext Transfer Protocol (HTTP) is the basic communication protocol used to exchange information between web servers and users. HTTPS -- HTTP over Secure Sockets Layer (SSL) -- uses Transport Layer Security or SSL to encrypt the communication for added data security. The File Transfer Protocol (FTP), or its secure variant, FTPS, can transfer files. Additional supported protocols include the Simple Mail Transfer Protocol (SMTP), to send and receive email, and the Network News Transfer Protocol, to deliver articles on USENET.
IIS works with ASP.NET Core
The ASP.NET Core framework is the latest generation of Active Server Pages (ASP), a server-side script engine that produces interactive webpages. A request comes in to the IIS server from the web, which sends the request to the ASP.NET Core application, which processes the request and sends its response back to the IIS server and the client who originated the request. Examples of applications written on ASP.NET Core include blog platforms and content management systems (CMS). Developers can produce IIS websites with a number of tools, including WebDAV, which can create and publish web content. Developers can also use integrated development tools, such as Microsoft Visual Studio.
Versions of IIS
IIS has evolved along with Microsoft Windows. Early versions of IIS arrived with Windows NT. IIS 1.0 appeared with Windows NT 3.51, and evolved through IIS 4.0 with Windows NT 4.0. IIS 5.0 shipped with Windows 2000. Microsoft added IIS 6.0 to Windows Server 2003. IIS 7.0 offered a major redesign with Windows Server 2008 (IIS 7.5 is in Windows Server 2008 R2). IIS 8.0 came with Windows Server 2012 (Windows Server 2012 R2 uses IIS 8.5). And IIS 10 arrived with Windows Server 2016 and Windows 10. With each iteration of IIS, Microsoft has added new features and updated existing functionality. For example, IIS 3.0 added ASP for dynamic scripting; IIS 6.0 added support for IPv6 and improved security and reliability; and IIS 8.0 brought multicore scaling on non-uniform memory access hardware, centralized SSL certificate support and Server Name Indication.
Features in IIS 10
IIS 10 also adds a number of new features and functionality. IIS 10 adds support for the HTTP/2 protocol, to offer more efficient resource use and lower latency compared to HTTP 1.1. IIS 10 works on the minimal server deployment model Nano Server under Windows Server 2016, and can run ASP.NET Core, Apache Tomcat and PHP workloads on IIS on the Nano Server.
IIS 10 works in a container and virtual machine, so developers and administrators have more flexibility in deployment choices, as well as the density to accommodate a broad range of web applications.
IIS Express for testing
Microsoft provides a self-contained version of IIS, called IIS Express, for developers to test websites. IIS Express offers all the major capabilities of the full IIS web server, but allows many tasks to be performed without administrative privileges.
Security
To ensure a website is secure, organizations need to take security measures to protect the web server from security breaches. Companies can use features built into IIS to harden IIS. Some of the ways to harden Windows IIS include:
Steps to install and configure IIS
The following is how to install IIS on a server running Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016 and Microsoft Windows Server 2019. These are the steps for how to install IIS using the Server Manager:
The following are the steps for how to install IIS in PowerShell:
The following are steps for how to configure IIS using the Server Manager:
When IIS is installed, it’s preconfigured to serve as a default website. However, to change the basic settings for the website:
Follow these steps to create a new website in IIS:
IIS vs. Apache
Differences between IIS and Apache include: