PKI Web Repositories
Overview
| VM ID | Hostname | IP | OS |
|---|---|---|---|
| 312 | srv-pki-zrh-01 | 10.30.30.22 | Server 2025 Core |
| 313 | srv-pki-zrh-02 | 10.30.30.23 | Server 2025 Core |
DNS Round Robin
```powershell
# On srv-dc-zrh-01
Add-DnsServerResourceRecordA -ZoneName "microsoftlab.ch" -Name "pki" -IPv4Address "10.30.30.22"
Add-DnsServerResourceRecordA -ZoneName "microsoftlab.ch" -Name "pki" -IPv4Address "10.30.30.23"
```
IIS Configuration (per server)
```powershell
# Install IIS
Install-WindowsFeature Web-Server -IncludeManagementTools

# Create folder structure
New-Item -Path "C:\pki\aia" -ItemType Directory -Force
New-Item -Path "C:\pki\crl" -ItemType Directory -Force

# Create virtual directory
New-WebVirtualDirectory -Site "Default Web Site" -Name "pki" -PhysicalPath "C:\pki"

# Create aia and crl virtual directories (served as /aia and /crl)
New-WebVirtualDirectory -Site "Default Web Site" -Name "aia" -PhysicalPath "C:\pki\aia"
New-WebVirtualDirectory -Site "Default Web Site" -Name "crl" -PhysicalPath "C:\pki\crl"

# Enable double escaping (required for CRL files; delta CRL file names contain "+")
Set-WebConfigurationProperty -Filter /system.webServer/security/requestFiltering -Name allowDoubleEscaping -Value $true -PSPath "IIS:\Sites\Default Web Site"
```
File Structure
```
C:\pki\
├── aia\
│   ├── MicrosoftLab Root CA 01.crt
│   └── MicrosoftLab Issuing CA 01.crt
└── crl\
    ├── MicrosoftLab Root CA 01.crl
    └── MicrosoftLab Issuing CA 01.crl
```
Verify Access
```powershell
# Test from any machine
Invoke-WebRequest -Uri "http://pki.microsoftlab.ch/aia/" -UseBasicParsing
Invoke-WebRequest -Uri "http://pki.microsoftlab.ch/crl/" -UseBasicParsing
```
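With two A records behind `pki`, a request to the name reaches only one of the servers, so a missing or outdated CRL on the other node can go unnoticed. The following added example (not part of the original page) requests each published file from each node by IP with the `Host` header set and compares SHA-256 hashes. It assumes the file names from the File Structure section and that both nodes answer on port 80; the function name `Get-PkiFileHash` is hypothetical.

```powershell
# Added example: per-node check of the published AIA/CRL files.
# Host name, node IPs and file names are taken from this page.
$HostHeader = 'pki.microsoftlab.ch'
$Nodes      = '10.30.30.22', '10.30.30.23'
$Files      = 'aia/MicrosoftLab Root CA 01.crt',
              'aia/MicrosoftLab Issuing CA 01.crt',
              'crl/MicrosoftLab Root CA 01.crl',
              'crl/MicrosoftLab Issuing CA 01.crl'

function Get-PkiFileHash {   # hypothetical helper name
    param([string]$Node, [string]$RelativePath)
    # Escape each path segment so the spaces in the file names become %20.
    $path = ($RelativePath -split '/' | ForEach-Object { [uri]::EscapeDataString($_) }) -join '/'
    $tmp  = [System.IO.Path]::GetTempFileName()
    try {
        # Address the node by IP and send the public name as Host header,
        # so DNS round robin cannot hide a node that is down or out of date.
        Invoke-WebRequest -Uri "http://$Node/$path" -Headers @{ Host = $HostHeader } `
            -UseBasicParsing -OutFile $tmp -ErrorAction Stop
        (Get-FileHash -Path $tmp -Algorithm SHA256).Hash
    }
    catch   { "ERROR: $($_.Exception.Message)" }
    finally { Remove-Item -Path $tmp -ErrorAction SilentlyContinue }
}

$results = foreach ($file in $Files) {
    $hashes = foreach ($node in $Nodes) { Get-PkiFileHash -Node $node -RelativePath $file }
    [pscustomobject]@{
        File   = $file
        Node1  = $hashes[0]
        Node2  = $hashes[1]
        # In sync only if both downloads succeeded and the hashes match.
        InSync = ($hashes[0] -eq $hashes[1]) -and ($hashes[0] -notlike 'ERROR:*')
    }
}

$results | Format-Table -AutoSize -Wrap
if ($results.InSync -contains $false) {
    Write-Warning 'At least one file is missing or differs between nodes.'
}
```

A row with `InSync = False` means one node is serving a different or missing file, which clients resolving to that node would see as a failed revocation or chain lookup.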