This document outlines the prerequisites and installation steps for the VeridiumAD Registration Authority (RA) and Enrollment Proxy (EP) server components. These components are crucial for enabling passwordless authentication within a Windows domain environment.
Prerequisites
Before performing the steps in this guide, install the VeridiumID server following the procedures in VeridiumID Installation guide.
Before installing the VeridiumAD RA/EP server, ensure the following prerequisites are met:
-
Microsoft Enterprise Certification Authority (CA):
-
A Microsoft Enterprise CA must be installed and configured within your Active Directory (AD) domain.
-
The CA certificate must be trusted by domain computers and Domain Controllers.
-
-
CA Administrator and Domain Rights:
-
The user performing the installation must have CA administrator privileges to allow the Veridium RA to communicate with the CA.
-
Domain Enterprise rights are required to register new Certificate Templates in the CA.
-
-
Server Domain Membership:
-
The server where the Veridium RA component will be installed must be joined to the same domain where the Microsoft CA is installed.
-
The server where the Veridium EP component will be installed must be joined to the same domain where the client computers are joined.
-
In a single domain environment, both Veridium RA and Veridium EP can be installed on the same server.
-
If the Microsoft CA is in a different domain than the client computers, it is recommended to install Veridium RA and Veridium EP on separate servers, each joined to the corresponding domain.
-
-
Operating System:
-
Veridium RA and Veridium EP require Windows Server 2012 R2 or newer.
-
-
Internet Information Server (IIS):
-
Both servers require IIS to be installed.
-
-
SSL Certificate:
-
A valid SSL certificate must be bound to HTTPS communication for both Veridium RA and Veridium EP servers.
-
The SSL certificate must meet the following requirements:
-
Subject Alternative Name (SAN): Must contain a SAN DNS Name with the Fully Qualified Domain Name (FQDN) of the server.
-
Public Key Length: 2048 bits.
-
Enhanced Key Usage: Must include Server Authentication.
-
-