Configuring Secure Remote Desktop Authentication Using DoD PKI UNCLASSIFIED
9) On the Certificate Enrollment Policy screen, select Proceed without enrollment
policy under Custom Request and click Next.
10) Select the (No template) Legacy key template. Check the Suppress default
extensions box. Ensure PKCS #10 is selected. Click Next.
NOTE: For Windows Server 2008 R2, select the (No Template) CNG Key.
11) Click the expansion arrow to the right of Details and click the Properties button.
12) Select the Subject tab. In the Subject Name box, select Type Common name. In
the Value field, enter the member server's Fully Qualified Domain Name
(FQDN) (e.g., dc1.mydomain.mil).
13) Click the Add button and the subject will appear on the right side in the form
CN=FQDN (e.g., CN=mem1.mydomain.mil).
14) Select the Private Key tab and expand Key options by clicking the expansion
arrow at the right of the Key options row. Select the Key size “2048”. Click OK.
15) At the Certificate Information screen, click Next.
NOTE: For Windows Server 2008 R2, select the (No Template) CNG Key. The
details will display blank values, and will be set by the DoD CA upon
certificate issuance.
16) Click the Browse button to select the location to which you would like to save
the certificate signing request (CSR) file and enter a file name with a .txt
extension. Select Save as Type “All Files” and click Save. Ensure the Base 64
radio button is selected and click Finish to save the request and exit the
certificate request wizard.
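A scripted way to produce the same kind of request as the wizard steps above, using the built-in certreq and certutil tools. This is an added example, not part of the original guide. The file paths are hypothetical, the FQDN is the guide's sample value, and the key provider is left at the certreq default.

```powershell
# Added example: command-line counterpart to the wizard steps above.
# Run from an elevated PowerShell session on the member server.
$fqdn    = 'mem1.mydomain.mil'                      # sample FQDN from the guide; use the server's own
$infPath = Join-Path $env:TEMP 'rdp-request.inf'    # hypothetical working file
$csrPath = Join-Path $env:TEMP 'rdp-request.txt'    # hypothetical output file (.txt, Base64)

# Request settings that mirror the wizard choices:
#   Subject CN = FQDN, 2048-bit key, PKCS #10, default extensions suppressed,
#   key created in the Local Computer store (MachineKeySet).
$inf = @"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "CN=$fqdn"
KeyLength = 2048
MachineKeySet = TRUE
RequestType = PKCS10
SuppressDefaults = TRUE
"@
Set-Content -Path $infPath -Value $inf -Encoding ASCII

# Generate the key pair and write the Base64-encoded request.
certreq.exe -new $infPath $csrPath
if ($LASTEXITCODE -ne 0) { throw "certreq failed with exit code $LASTEXITCODE" }

# Pre-submission check 1: the file is a Base64 PKCS #10 request, not binary.
$header = Get-Content -Path $csrPath -TotalCount 1
if ($header -notmatch 'BEGIN NEW CERTIFICATE REQUEST') {
    throw "Unexpected file header: $header"
}

# Pre-submission check 2: decode the request and show the subject and key length
# so they can be compared with the intended CN=FQDN and 2048 bits.
certutil.exe -dump $csrPath | Select-String -Pattern 'CN=', 'Public Key Length'
```

The certutil -dump check also works on a request saved by the wizard in step 16, which is a quick way to catch a mistyped FQDN before the request goes to the CA.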
Requesting a DoD-Signed Certificate
Follow the instructions in the Obtaining a PKI Certificate for a DoD Server guide,
available on the DoD PKE website under For Administrators, Integrators & Developers >
Web Servers, to submit the CSR and retrieve the certificate for the request generated
above. Make a note of the name and path to the retrieved certificate file.
Installing the Issued Certificate
Import the certificate issued in the previous section into the RWA server.
1) On the RWA server, navigate to the MMC window containing the Local
Computer Certificates snap-in. If it has been closed, re-open it by following steps
1-6 in the Generating the Certificate Request section.
2) Right-click the Personal store and select All Tasks > Import to import the issued
server certificate.