1
00:00:00,970 --> 00:00:05,980
In this loop, we'll see how to deploy and use certificates.

2
00:00:06,760 --> 00:00:14,830
As you remember, scenario for this SLAPP is that you are working as an administrator at a datum corporation.

3
00:00:15,340 --> 00:00:20,710
As a datum expands, its security requirements are also increasing.

4
00:00:21,250 --> 00:00:30,230
The security department particular is interested in enabling secure access to critical websites and

5
00:00:30,250 --> 00:00:38,260
in providing additional security for features such as air fares, digital signatures, smart cards and

6
00:00:38,260 --> 00:00:42,250
the direct access feature in Windows ten.

7
00:00:43,000 --> 00:00:50,890
The security department especially wants to evaluate digital signatures in Microsoft Office documents

8
00:00:51,760 --> 00:00:55,120
to address this and other security requirements.

9
00:00:55,450 --> 00:01:04,630
It has decided to use certificates issued by the ADC as rule in Windows Server 2016.

10
00:01:06,160 --> 00:01:13,450
As an administrator at a datum you are responsible for implementing certificate enrollment.

11
00:01:14,080 --> 00:01:22,840
You also will be deploying the procedures and processes for managing certificate templates and for deploying

12
00:01:23,050 --> 00:01:24,970
and rewarding certificates.

13
00:01:25,720 --> 00:01:28,000
So let's start with exercise one.

14
00:01:28,000 --> 00:01:31,630
Where will configure certificate templates?

15
00:01:33,340 --> 00:01:39,490
In Task one will create a new template based on the web server template.

16
00:01:40,180 --> 00:01:43,080
I'll go to a longer one and server manager.

17
00:01:43,090 --> 00:01:50,590
I'll click tools and then I'll click Certification Authority and in Certification Authority Console,

18
00:01:50,590 --> 00:01:52,090
I'll expand it to them.

19
00:01:52,120 --> 00:01:55,390
See and right click certificate template.

20
00:01:56,520 --> 00:02:01,270
And then select, manage and the certificate templates console.

21
00:02:01,290 --> 00:02:10,290
I will look into the web server template in the list and right click it and then click duplicate template,

22
00:02:11,100 --> 00:02:18,890
click the general type in the template, display name tags, books and type production, web server

23
00:02:18,900 --> 00:02:23,240
and then type three in the validity period textbooks.

24
00:02:23,850 --> 00:02:32,220
Click the request handling tab select allow private key to be exported and then click okay.

25
00:02:32,820 --> 00:02:41,280
Minimize the certificate templates in the Certification Authority console on well on this one, right

26
00:02:41,280 --> 00:02:43,890
click revoke certificates select.

27
00:02:44,980 --> 00:02:45,880
All tasks.

28
00:02:46,240 --> 00:02:47,860
Click, publish and then click.

29
00:02:47,860 --> 00:02:48,280
Okay.

30
00:02:49,470 --> 00:02:54,990
In Task two will create a new template for users that includes smart cards.

31
00:02:54,990 --> 00:03:02,160
Sign in of one, two, three, one and Server Manager Click Tools and then Click Certification Authority,

32
00:03:02,550 --> 00:03:10,530
expand to date and see right click certificate templates and then click manage and the Certificate Templates

33
00:03:10,530 --> 00:03:11,040
console.

34
00:03:11,310 --> 00:03:18,960
Right click the user certificate template and then click duplicate template in the properties of new

35
00:03:18,960 --> 00:03:20,280
template dialog box.

36
00:03:20,610 --> 00:03:28,920
Click the general tab element in the template display name textbooks, type a date and user.

37
00:03:29,920 --> 00:03:38,720
All this subject name to clear both the include email name and in subject name and email name check

38
00:03:38,770 --> 00:03:47,380
books of all the extension step click application policies, then click added in the added application

39
00:03:47,380 --> 00:03:56,170
policies extension dialog box, click add and in the Add Application Policy Dialog Box, select, smart,

40
00:03:56,170 --> 00:03:58,690
colorful and role and then click okay twice.

41
00:03:59,870 --> 00:04:08,090
Click the superseded template, step, click and collect the user template and then click okay all the

42
00:04:08,090 --> 00:04:15,340
security tap click authenticated users and under permissions for authenticated users.

43
00:04:15,340 --> 00:04:23,390
Select the allow checkboxes for root and roll and or turn roll and then click.

44
00:04:23,390 --> 00:04:23,840
Okay.

45
00:04:24,140 --> 00:04:26,330
Close the certificate templates.

46
00:04:26,330 --> 00:04:26,900
Cancel.

47
00:04:27,810 --> 00:04:35,130
Now Task three, where we have to configure templates so that they can be issued all on display.

48
00:04:35,130 --> 00:04:42,600
One in the Certification Authority console, right click certificate templates point to new and then

49
00:04:42,600 --> 00:04:48,960
click certificate template to issue and the Enable Certificate Templates window.

50
00:04:49,440 --> 00:04:56,400
Hold the control key and click both a datum user and production web server.

51
00:04:56,790 --> 00:04:57,750
Then click okay.

52
00:04:58,920 --> 00:05:07,140
And finally, the task force where we have to enroll the web server certificate on long as we are to

53
00:05:07,710 --> 00:05:15,030
I will switch to along as you are to click start and then click the Windows PowerShell as a common prompt

54
00:05:15,030 --> 00:05:16,380
of Windows PowerShell.

55
00:05:16,620 --> 00:05:21,600
I'll type update, slash force and then press enter.

56
00:05:22,570 --> 00:05:29,800
Good start and then click server manager from Server Manager Click Tools and then click Internet Information

57
00:05:29,800 --> 00:05:39,040
Services Manager or yes manager in the areas console click long as we are to and then in the center

58
00:05:39,040 --> 00:05:47,440
open double click server certificates in the actions plan click create the main certificate and on the

59
00:05:47,440 --> 00:05:55,450
distinguished name properties page, complete the full on filter, then click next out common name which

60
00:05:55,450 --> 00:06:06,100
as long as we are to download it to the gloom organization 8:08 a.m. Organizational Unit t city, state,

61
00:06:06,730 --> 00:06:09,280
country and region which of the US?

62
00:06:10,500 --> 00:06:13,440
All the online certification authority page.

63
00:06:13,680 --> 00:06:14,640
Click Select.

64
00:06:15,030 --> 00:06:20,790
Click Add item and then click okay in the friendly name text box type.

65
00:06:22,320 --> 00:06:24,660
As we are two of them click finish.

66
00:06:25,410 --> 00:06:32,520
Ensure that the certificate displays in the server certificates console in the I as console.

67
00:06:32,520 --> 00:06:34,230
Expound long duchess.

68
00:06:34,230 --> 00:06:41,940
We are to expand sites and then click default website and the action spend click by emergence and to

69
00:06:41,940 --> 00:06:44,730
the side bindings window select and.

70
00:06:45,830 --> 00:06:54,710
In the outside by the window select a stitch appears from the type dropdown list in the SSL certificate

71
00:06:54,710 --> 00:06:55,730
dropdown list.

72
00:06:55,730 --> 00:07:03,200
Click along the shows we are to click okay and then click close closed Internet Information Services

73
00:07:03,200 --> 00:07:12,140
Manager and three Stolen Client one do the search field type Internet Explorer Click Internet Explorer

74
00:07:12,140 --> 00:07:22,520
in the search results returned and in Internet Explorer type HTP URLs colons won't disappear as we are

75
00:07:22,520 --> 00:07:31,220
2.2.1. com in the address bar and then press enter ensure that the Internet Information Services page

76
00:07:31,580 --> 00:07:35,300
opens and that no certificate error displays.

77
00:07:36,470 --> 00:07:43,520
Now let's switch over to Exercise two, where we'll be enrolling on to your certificates.

78
00:07:45,550 --> 00:07:53,260
In Task one, we'll be configuring auto enrolment for user so on on this one and server manager click

79
00:07:53,260 --> 00:07:56,020
tools and then click group policy management.

80
00:07:56,440 --> 00:08:00,850
Expand Forest Area on dot com expense domains.

81
00:08:01,240 --> 00:08:05,350
88. com right click default domain policy.

82
00:08:05,350 --> 00:08:14,860
And then click added expand user configuration Expand Policies Window Settings, Security Settings Alarm

83
00:08:14,860 --> 00:08:22,990
Click to highlight public key policies in the details pane double click certificate services, client

84
00:08:23,290 --> 00:08:33,160
auto enrolment and to the configuration model dropdown list Click Enabled Select Renew Expired Certificates,

85
00:08:33,640 --> 00:08:42,970
Update Pending Certificates and remove recall Remove certificates and update certificates that use certificate

86
00:08:42,970 --> 00:08:43,630
templates.

87
00:08:44,200 --> 00:08:52,330
Then click okay to close a purchase window in the right pane, double click the certificate services,

88
00:08:52,330 --> 00:09:01,360
client certificate, enrolment policy object and all the enrolment policy step third to the configuration

89
00:09:01,360 --> 00:09:10,660
model to enabled and then ensure the certificate enrolment policy list displays the Active Directory

90
00:09:10,660 --> 00:09:11,920
enrolment policy.

91
00:09:13,310 --> 00:09:18,710
It should have a checkmark next to it and display a status of enabled.

92
00:09:19,190 --> 00:09:21,080
Click okay to close the window.

93
00:09:21,080 --> 00:09:27,200
Close both to the group policy management editor window and the group policy management console.

94
00:09:28,230 --> 00:09:28,500
No.

95
00:09:28,500 --> 00:09:37,430
Let's switch over to task two where we have to verify auto enrolment on implant one, click start type

96
00:09:37,500 --> 00:09:41,460
PowerShell and then click PowerShell icon.

97
00:09:42,650 --> 00:09:50,300
The Windows PowerShell command prompt old time GP update slash false and then press enter after the

98
00:09:50,300 --> 00:10:00,890
policy refreshes type MCU dot C and then press enter in console one click file and click add remove

99
00:10:00,890 --> 00:10:09,860
snapping click certificates, click add, click finish and then click okay expense certificates current

100
00:10:09,860 --> 00:10:13,760
user expense personal and then click certificates.

101
00:10:14,390 --> 00:10:23,200
Verify that a certificate based on the eight item user template is issued to administrator to verify

102
00:10:23,230 --> 00:10:30,530
the name of the template, scroll to the right in the console window and then close console while reload

103
00:10:30,530 --> 00:10:37,250
saving changes then staying out of clone long client one.

104
00:10:38,300 --> 00:10:44,780
Just three where we have to configure the enrollment agent for smart card certificates.

105
00:10:45,170 --> 00:10:50,390
So on launch this one and server manager click tools and then click open.

106
00:10:51,850 --> 00:10:57,940
Certification Authority mountains are served as a service console.

107
00:10:57,940 --> 00:11:05,080
Still expect a datum CAA right click certificate templates and then click manage and the certificate

108
00:11:05,080 --> 00:11:13,510
templates console double click and enrollment agent and click the security tab and then click add in

109
00:11:13,510 --> 00:11:19,900
the select users computer service accounts or groups window type and it.

110
00:11:20,960 --> 00:11:24,440
Click chick names and then click okay.

111
00:11:25,220 --> 00:11:33,910
On the security tab, click any corner, select the allow checkbox for redirect control permission and

112
00:11:33,960 --> 00:11:34,580
then click.

113
00:11:34,580 --> 00:11:35,060
Okay.

114
00:11:35,690 --> 00:11:44,600
Close the certificate templates console in the search survey console, right click certificate templates

115
00:11:44,600 --> 00:11:49,160
point new and then click certificate template issue.

116
00:11:50,090 --> 00:11:55,610
In the list of templates, click enrollment agent and then click okay.

117
00:11:56,620 --> 00:12:04,990
Now a switch to a long client one and sign in as a datum and a user visit with your password.

118
00:12:05,800 --> 00:12:14,180
Click Start Command Prompt and then press press enter as a common prompt window time M.C. Adult Excel

119
00:12:14,200 --> 00:12:22,870
then pro center and console one click file click add and remove snipping click certificate alarm click

120
00:12:22,870 --> 00:12:33,100
add and then click okay expense certificates Current User Expense Personal Click Certificates and Right

121
00:12:33,100 --> 00:12:34,210
Click Certificates.

122
00:12:35,260 --> 00:12:43,600
Parent to all tasks and then click request new certificate and to the certificate certificate enrollment

123
00:12:43,600 --> 00:12:50,440
resort all the before you begin page, click next on the Select Certificate Enrollment Policy Page.

124
00:12:50,710 --> 00:12:54,760
Click next out of the request certificates page.

125
00:12:55,060 --> 00:13:03,490
Select Enrollment Agent, Click Enroll and then click finish sign out of long client one and switch

126
00:13:03,490 --> 00:13:12,250
to want to see what the Certification Authority Council, right click agency and then click properties

127
00:13:13,100 --> 00:13:19,120
until the enrollment agent step click or restrict enrollment agent.

128
00:13:20,290 --> 00:13:27,550
And on the popup window that displays click on it in the enrollment agent section.

129
00:13:27,910 --> 00:13:36,460
Click and enter in the select user computer or group field type and then click jerk names and then click

130
00:13:36,460 --> 00:13:36,910
okay.

131
00:13:37,720 --> 00:13:45,940
Click everyone and then click remove in the certificate template section and click add ads in the list

132
00:13:45,940 --> 00:13:50,050
of templates, select a date of user and then click okay.

133
00:13:51,090 --> 00:13:58,200
In the certificate templates section, click all and then click remove and to the permission section,

134
00:13:58,210 --> 00:13:59,190
click add.

135
00:14:00,680 --> 00:14:07,970
You know, select to use a computer or group filled type market and click check names and then click

136
00:14:07,970 --> 00:14:11,870
okay and turn the permission search and click everyone.

137
00:14:12,320 --> 00:14:14,000
Click remove and then click.

138
00:14:14,000 --> 00:14:14,420
Okay.

139
00:14:15,290 --> 00:14:24,830
So we are going to task for where we use certificates for digital sign in over Microsoft Office document.

140
00:14:25,460 --> 00:14:35,540
So first all one platform will sign in as a data administrator as his password and click the start button

141
00:14:35,540 --> 00:14:39,890
type word and then click words icon.

142
00:14:40,960 --> 00:14:46,240
If you receive a prompt for Microsoft Office activation rather than click close.

143
00:14:47,810 --> 00:14:53,210
Good blend, document some text and then save the document to the desktop.

144
00:14:54,500 --> 00:15:02,090
On the toolbar, click insert and then in the taxpayer spanning the signature line dropdown list, click

145
00:15:02,330 --> 00:15:07,790
Microsoft Office Signature Line and turn the signature at the top window.

146
00:15:07,790 --> 00:15:11,840
Type your name in the suggested sign or text books.

147
00:15:12,170 --> 00:15:17,390
Type administrator in the suggested signers title text book.

148
00:15:17,390 --> 00:15:22,520
Send the administrator at any datum dot com.

149
00:15:23,710 --> 00:15:24,570
For your email.

150
00:15:25,620 --> 00:15:34,560
Then sign in the sign window, click change and through the windows security window under a select certificate,

151
00:15:35,280 --> 00:15:42,840
select the administrator certificate with today's date and then click okay and turn the text box to

152
00:15:42,840 --> 00:15:44,190
the right of the X.

153
00:15:44,430 --> 00:15:45,390
Type your name.

154
00:15:45,600 --> 00:15:47,310
Click sign and then click.

155
00:15:47,310 --> 00:15:47,760
Okay.

156
00:15:48,480 --> 00:15:51,870
Instead of type in your name, you can also select an image.

157
00:15:52,260 --> 00:15:56,790
This image can be your scanned handwriting signature.

158
00:15:57,480 --> 00:16:00,870
Now ensure that you can not enter the document further.

159
00:16:01,410 --> 00:16:08,670
Try to try to type some text on the document that includes Microsoft Word, then save changes if you

160
00:16:08,910 --> 00:16:12,750
receive a prompt sign out of long client one.

161
00:16:13,960 --> 00:16:21,340
And we are coming to exercise three where we'll be configuring and implementing query color.

162
00:16:21,820 --> 00:16:30,820
So Task one for this exercise is to configure the certification authority to issue key arrays certificates.

163
00:16:31,540 --> 00:16:38,890
First on launch is the one and the Certification Authority Council will expand the eight agency node.

164
00:16:39,220 --> 00:16:45,160
Click right, click the certificates templates folder and then click manage.

165
00:16:46,080 --> 00:16:53,070
And when the details spin, right click the key recovery agent certificate and then click properties.

166
00:16:53,820 --> 00:17:00,390
And two of the key recovery agent properties dialog box click the issuance the recovery.

167
00:17:02,140 --> 00:17:10,570
A requirement step, then clear the see a certificate manager approval check books, then click the

168
00:17:10,570 --> 00:17:11,560
security step.

169
00:17:12,040 --> 00:17:20,080
No, just the domain admin center enterprise segments are the one the groups that have the enroll permission

170
00:17:20,080 --> 00:17:28,150
and then click okay close the certificate templates console until the certification authority console,

171
00:17:28,420 --> 00:17:38,710
right click certificate templates and point new and then click certificate template issue and to enable

172
00:17:38,710 --> 00:17:45,310
certificate templates, dialog books, click the key recovery agent template and click.

173
00:17:45,310 --> 00:17:49,240
Okay, close the Certification Authority Council.

174
00:17:50,780 --> 00:17:57,560
Now let's switch to task two, where we'll be acquiring the query certificate.

175
00:17:58,010 --> 00:18:05,780
So all on this one will click start and then click the Windows PowerShell at the Windows PowerShell

176
00:18:05,780 --> 00:18:14,900
Command prompt type C for a center around to the console one console, click file and then click add

177
00:18:14,910 --> 00:18:16,220
remove snap ins.

178
00:18:17,330 --> 00:18:23,120
Add to the add or remove snipping dialog box, click certificates and then click add.

179
00:18:24,210 --> 00:18:27,360
In the certificate certificate snap in dialog box.

180
00:18:27,360 --> 00:18:31,740
Select my user account and click finish and click.

181
00:18:31,740 --> 00:18:32,210
Okay.

182
00:18:33,400 --> 00:18:42,040
Then expand the certificates current user note right click personal form to all tasks and then click

183
00:18:42,310 --> 00:18:44,290
request new certificate.

184
00:18:44,830 --> 00:18:50,710
Enter the certificate enrollment result all the before you begin page click next.

185
00:18:51,780 --> 00:18:55,440
And on the Select Certificate Enrollment Policy page.

186
00:18:55,800 --> 00:18:59,820
Click next on the request certificates page.

187
00:19:00,090 --> 00:19:06,840
Select the key recovery agent, check books and click Enroll and then click Finish.

188
00:19:08,490 --> 00:19:14,790
Refresh the console and then view the key recovery agent in the personal store.

189
00:19:15,450 --> 00:19:22,620
Scroll across the certificate properties and verify that certificate template key recovery agent is

190
00:19:22,630 --> 00:19:27,540
present then close console one result your saving change of.

191
00:19:29,660 --> 00:19:31,130
Just three here.

192
00:19:31,130 --> 00:19:35,240
We have to configure the CAA to allow Kir recovery.

193
00:19:36,200 --> 00:19:44,870
So on one DC, one in server manager Click Tools and then click certification authority and turn the

194
00:19:44,870 --> 00:19:53,510
Certification Authority Console, right click add agency and then click properties and turn the agency

195
00:19:53,510 --> 00:19:55,160
properties dialog box.

196
00:19:55,490 --> 00:20:01,610
Click the Recovery Engine Step and then select archive the key.

197
00:20:03,030 --> 00:20:12,030
Under key recovery agents certificates and until the key recovery agent selection dialog books click

198
00:20:12,030 --> 00:20:21,840
more choices and click the certificate with the K I.R.A. Purpose, it most likely will be lost on the

199
00:20:21,900 --> 00:20:24,600
list issued to administrator.

200
00:20:24,990 --> 00:20:30,710
And then click okay twice when prompted to restore the certification authority.

201
00:20:31,260 --> 00:20:31,680
Click.

202
00:20:31,860 --> 00:20:32,400
Yes.

203
00:20:34,520 --> 00:20:43,750
So we are at task four where we have to configure a custom template for key archival.

204
00:20:44,240 --> 00:20:52,640
So on this one, the Certification Authority Council expand datum and right click certificates templates

205
00:20:52,640 --> 00:20:59,960
folder and then click manage in the certificate template console, right click the user certificate

206
00:20:59,960 --> 00:21:02,960
and then click duplicate template.

207
00:21:04,380 --> 00:21:11,580
In the properties of new template darling marks on the general tab and the template display name tags

208
00:21:11,580 --> 00:21:17,730
box type archive user account on the request handling tab.

209
00:21:17,730 --> 00:21:23,440
Select the archive subjects and groups and private key books.

210
00:21:24,390 --> 00:21:27,030
If a pop up window displays, click okay.

211
00:21:27,690 --> 00:21:36,000
Click the select name to clear the email name and include email name and subject name checkboxes.

212
00:21:36,510 --> 00:21:37,230
And then click.

213
00:21:37,230 --> 00:21:37,620
Okay.

214
00:21:38,160 --> 00:21:44,700
Close the certificate templates console down to the Certification Authority console right.

215
00:21:44,700 --> 00:21:51,720
Click the certificates templates folder, point to new and then click certificate template to issue.

216
00:21:52,970 --> 00:22:00,770
In the Enable Certificate Templars dialog box, click the archive user template and then click.

217
00:22:00,770 --> 00:22:04,520
Okay, close the Certification Authority Council.

218
00:22:06,840 --> 00:22:08,580
And finally, task five.

219
00:22:08,880 --> 00:22:11,000
Well, we have to verify.

220
00:22:12,150 --> 00:22:17,040
Key archival functionality, we'll have to assign them to one client.

221
00:22:17,040 --> 00:22:27,030
One is a datum aiding with his pass for account on the star screen type MCU, dot XY and then recenter

222
00:22:27,330 --> 00:22:38,970
if prompted click yes in the user account control window in the console one console click file and then

223
00:22:38,970 --> 00:22:41,070
click add or remove snap in.

224
00:22:41,670 --> 00:22:44,710
Add on to that add or remove snap in the dialog box.

225
00:22:44,730 --> 00:22:46,370
Click Certificates.

226
00:22:46,680 --> 00:22:48,510
Click Add and then click.

227
00:22:48,510 --> 00:22:48,990
Okay.

228
00:22:49,710 --> 00:22:51,530
Expand the certificates.

229
00:22:51,540 --> 00:22:52,890
Current User Note.

230
00:22:53,280 --> 00:22:54,870
Right Click Personal.

231
00:22:55,170 --> 00:22:57,060
Right click all tasks.

232
00:22:57,060 --> 00:22:58,830
And then click request.

233
00:22:58,830 --> 00:23:00,060
New Certificate.

234
00:23:00,420 --> 00:23:05,010
Add to the certificate enrollment result before you page.

235
00:23:05,310 --> 00:23:10,020
Click next and the Select Certificate Enrollment Policy Page.

236
00:23:10,320 --> 00:23:11,160
Click next.

237
00:23:12,330 --> 00:23:18,340
And from the request certificates page, select the archive user checkbox.

238
00:23:18,360 --> 00:23:21,660
Click and roll and click finish.

239
00:23:22,770 --> 00:23:27,450
Refresh the console, then expand personnel and click certificates.

240
00:23:28,050 --> 00:23:34,740
Note that a certificate is issued to aid and based on the archive or a certificate template.

241
00:23:35,460 --> 00:23:40,110
Simulate the loss of the private key by deleting the certificate.

242
00:23:40,380 --> 00:23:42,000
Enter the central bin.

243
00:23:42,420 --> 00:23:42,870
Right.

244
00:23:42,870 --> 00:23:45,630
Click the certificate that you just unroll.

245
00:23:45,930 --> 00:23:48,690
Select delete and then click.

246
00:23:48,690 --> 00:23:50,040
Yes to confirm.

247
00:23:51,000 --> 00:23:52,770
No switch to long to see one.

248
00:23:52,790 --> 00:24:02,160
Open the Certification Authority console, expand ad agency and then click the issued certificate store

249
00:24:02,850 --> 00:24:13,070
and to the details pane double click a certificate with a requester name of Adam, Adam, Adam and a

250
00:24:13,080 --> 00:24:17,610
certificate template name of the archive user.

251
00:24:18,210 --> 00:24:22,470
Click the details step Corbett Serial number, then click.

252
00:24:22,470 --> 00:24:22,900
Okay.

253
00:24:23,790 --> 00:24:32,070
You might copy the number either by selecting it and press and control C or by noting it in a document.

254
00:24:32,700 --> 00:24:40,140
Then click the start button and then click the Windows PowerShell icon and the Windows PowerShell Command

255
00:24:40,140 --> 00:24:42,090
prompt type the following command.

256
00:24:43,610 --> 00:24:50,630
Well, a serial number is a serial number is too corporate, so you'll have to type two till does get

257
00:24:50,630 --> 00:24:54,560
key serial number output block.

258
00:24:55,600 --> 00:25:02,290
If you copy and paste the serial number, remove the spaces between the numbers or and close the serial

259
00:25:02,290 --> 00:25:04,960
number between double quotes.

260
00:25:06,190 --> 00:25:09,990
So next verify the output below file.

261
00:25:10,390 --> 00:25:15,550
Now displays c c users administrator folder.

262
00:25:17,150 --> 00:25:26,540
And to convert the output block file into a dot perfects file at the Windows PowerShell command prompt

263
00:25:26,870 --> 00:25:36,440
type the following command and press enter you have to type cert util dash recovery key output below

264
00:25:36,650 --> 00:25:44,750
eight dot perfects when prompted for the new password type the password and then confirm the password.

265
00:25:45,960 --> 00:25:55,680
Then after the command to execute close Windows PowerShell, go to a C drive, use our administrator

266
00:25:56,040 --> 00:26:02,420
and then verify that Aidan dot B effects, which is the recovery key is created.

267
00:26:04,680 --> 00:26:12,690
After the switch to a long client, one open file explorer and then browse to back slow but sluggish

268
00:26:12,690 --> 00:26:16,200
long does this 1.8. com backslash.

269
00:26:16,600 --> 00:26:20,260
See below to sign when prompted for credentials.

270
00:26:20,280 --> 00:26:27,230
Use a from administrator with his password, then go to a backslash backslash.

271
00:26:27,480 --> 00:26:37,860
All this one they did not come backslash c door sign backslash users backslash administrator and right

272
00:26:37,860 --> 00:26:47,970
click the agent dot facts file and then select copy go to see drive users say them and to the empty

273
00:26:47,970 --> 00:26:49,440
space right click on them.

274
00:26:49,710 --> 00:26:50,760
Select paste.

275
00:26:52,050 --> 00:26:55,230
Double click the Aidan Dot Fairfax file.

276
00:26:55,290 --> 00:26:55,880
Angela.

277
00:26:56,160 --> 00:26:59,550
Welcome to the certificate import freezer page.

278
00:26:59,910 --> 00:27:03,370
Click next on the file to import page.

279
00:27:03,390 --> 00:27:06,030
Click next out of the password page.

280
00:27:06,360 --> 00:27:11,940
Type the password and then click next on the certificate store page.

281
00:27:11,970 --> 00:27:14,910
Click next, click finish and then click okay.

282
00:27:15,780 --> 00:27:17,310
And from the console one.

283
00:27:17,610 --> 00:27:24,660
Expand the certificates current user note, expand personal and then click certificates.

284
00:27:25,410 --> 00:27:31,530
Then refresh the console and then verify that the certificate for Radiant is the restore.

285
00:27:32,740 --> 00:27:39,310
This will finish the lab where we deployed two used certificates.