Setting Up a CA with SafeNet ProtectToolkit-M
This section explains how to configure SafeNet ProtectToolkit-M to be used with the Microsoft CA.
SafeNet ProtectToolkit-M, in conjunction with Microsoft CA, provides secure storage of keys related to signing certificates.
Before you begin, ensure that:
>you have read and understood Installation and Setup and Configuration.
>Microsoft CA has NOT been installed prior to the SafeNet ProtectToolkit-M installation.
>the current logged-on user has Windows administrator privileges.
>a keyset exists for the logged-on user.
An example of how to setup the CA with SafeNet ProtectToolkit-M on Microsoft Windows 2008 R2 follows.
NOTE This example assumes a standalone configuration for a root CA. Actual values should be chosen as required, to suit each particular installation.
To set up the CA with SafeNet ProtectToolkit-M:
1.From the Windows Control Panel, select Administrative Tools and select Server Manager from the list of tools.
2.Click Add Roles.
3.Check the box for “Active Directory Certificate Services”, click Next, and then Next again.
4.Check the box for “Certification Authority” and click Next.
5.Select Standalone and click Next.
6.Select Root CA and click Next.
7.Select the appropriate option (new or existing private key) and click Next.
8.Select the SafeNet CSP from the list, configure your cryptiographic options as required, and click Next.
9.Configure your CA name as required and click Next.
10.Set the validity period for the certificate generated for the CA as required and click Next.
11.Specify the locations for the certificate database and certificate database log and click Next.
12.Review the CA configuration. If any parameters are incorrect, use the links in the left pane to return to the appropriate page to make changes. When the configuration is correct, click Install to install the CA.
Following the successful completion of the above steps, SafeNet ProtectToolkit-M is now selected as the CSP for Microsoft CA operations. For further details regarding the Microsoft CA, please refer to your Microsoft documentation.