In this section, we will change the default SSL self-signed certificate to one that is generated by our internal certificate authority (CA). Building a PKI infrastructure is out of the scope of this book. Please look at the TechNet articles for creating a PKI infrastructure. Perform the following steps provided to complete this task:
I will try to explain the tasks that have to be completed to get a certificate from the internal CA. To get the CA certificate published, log on to the CA server and launch the Certsrv.msc console. Expand the server name. Right-click on Certificate Templates and make a duplicate copy of Webserver template. Ensure that Server Authentication is listed in the Extensions tab. Give the template a unique name. I have used
Generic Web SSL Certificate
. In the Security tab, allow the App Controller server with the Enroll permission. Then right-click on Certificates Templates in the Certsrv console. Select New...