Authentik

Authentik Security, Part Eleven

Sep 18, 2023 • 2 min read

Configure Authentik

Steps performed on fileserver via mmc.exe

Click on File then Add/Remove Snap In
Select Certificates then click Add
Select Computer Account then click Finish, then OK
Right click on Personal
Navigate to All Tasks and select Request New Certificate
In the Certificate Enrollment Wizard click Next
Click Next again
I place a checkmark next to Computer
I open the carrot
I click on Properties
On the General Tab: fs-01.domain.local
On the Subject Tab:
- Common Name: fs-01.domain.local
- Organization: domain.local
- Organization Unit: IT
- Locality: Columbus
- State: OH
- Country: US
On the Private Key Tab:
- I expand Cryptographic Service Provider
  - and verify Microsoft RSA SChannel Cryptographic Provider (Encryption) is checked
- I expand Key options
  - Key Size: 4096
  - I check Make private key exportable
  - I check Strong private key protection
On the Extensions Tab:
- I expand Extended Key Usage (application policies)
  - I verify Server Authentication is selected
  - I verify Client Authentication is selected
On the Subject Tab:
- Under Alternative Name
  - Type: DNS
  - Value: fs-01.domain.local
  - I click on Add
  - Type: IP Address (v4)
  - Value: 10.100.100.1
I click on OK
I click on Enroll
I click on OK and then Finish

Steps performed on fileserver via PowerShell

if (!(Test-Path C:\Certs)) {New-Item -Path C:\ -Name Certs -ItemType Directory}
Get-ChildItem Cert:\LocalMachine\My\ | Select-Object ThumbPrint, Subject, NotAfter, EnhancedKeyUsageList
$password = ConvertTo-SecureString -String '**123456**' -Force -AsPlainText
Get-ChildItem -Path Cert:\LocalMachine\My\**XXXXXXXXXXXXX** | Export-PfxCertificate -FilePath C:\Cert\adfs001.pfx -Password $password
I click on OK

Steps performed on fileserver from Server Manager

I get the message The server was successfully configured. Hooray! I finish today's steps with a quick reboot, and I'll pick up from here tomorrow.