PKI for Network Engineers (2.5/?): Web Server basic Setup


In this post we’re going to take a quick walk-through of the web server that will host our Root certs and CRLs (certificate revocation lists) and act as the Online Responder for our CAs.  This server is referenced in the AIA and CDP fields of the certificates we issue, so clients will check with this server as part of the certificate validation process.

Because this is the place clients always come to check certificate validity, high availability is important.  In a production install this would be two or more servers, ideally sitting behind a load balancer with a virtual IP address.
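The AIA and CDP fields mentioned above can be read straight out of a certificate. The following is an added example, not part of the original post: it builds a throwaway certificate with constructed URLs on a hypothetical host (pki.example.test) and lists the locations a validating client would contact. It assumes the openssl command-line tool is installed.

```shell
#!/usr/bin/env bash
# Added example. Host names and file names below are constructed for the demo.

# make_sample_cert DIR: write DIR/sample.pem, a throwaway self-signed cert whose
# AIA and CDP extensions point at the (hypothetical) PKI web server.
make_sample_cert() {
  cat > "$1/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = lab-device.example.test
[ext]
authorityInfoAccess = caIssuers;URI:http://pki.example.test/certs/lab-root.crt, OCSP;URI:http://pki.example.test/ocsp
crlDistributionPoints = URI:http://pki.example.test/crl/lab-root.crl
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/openssl.cnf" \
    -keyout "$1/sample.key" -out "$1/sample.pem" 2>/dev/null
}

# list_validation_urls CERT: print one "<kind> <url>" line per location the
# certificate tells clients to use (CA cert download, OCSP responder, CRL).
list_validation_urls() {
  openssl x509 -in "$1" -noout -text | awk '
    { sub(/[ \t]+$/, "") }                      # drop trailing whitespace
    /^ *(X509v3|Authority Information Access|Signature)/ { in_cdp = 0 }
    /CRL Distribution Points/ { in_cdp = 1; next }
    /CA Issuers - URI:/ { sub(/.*URI:/, ""); print "aia-issuer", $0; next }
    /OCSP - URI:/       { sub(/.*URI:/, ""); print "aia-ocsp", $0; next }
    in_cdp && /URI:/    { sub(/.*URI:/, ""); print "cdp", $0 }
  '
}

# Demo run on the constructed certificate.
tmp=$(mktemp -d)
make_sample_cert "$tmp" && list_validation_urls "$tmp/sample.pem"
```

Run `list_validation_urls` against a certificate issued by your own CA to see exactly which URLs on the web server must stay reachable for validation to succeed.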



Happy labbing!



