Microsoft® Certificate Lifecycle Manager Beta 1

Microsoft® Certificate Lifecycle Manager

Quick Start Guide

This document is for informational purposes only. MICROSOFT MAKES

NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT.

© 2006 Microsoft Corporation. All rights reserved.

Microsoft, Active Directory, Windows, and Windows Server are either registered
trademarks or trademarks of Microsoft Corporation in the United States and/or
other countries. The names of actual companies and products mentioned herein
may be the trademarks of their respective owners.

Page 1
Microsoft® Certificate Lifecycle Manager Beta 1

Microsoft® Certificate Lifecycle Manager Quick Start Guide.....................................1

Page 8........................................................................................................................................1
Introduction.................................................................................................................3
Getting Started............................................................................................................3
Installing CLM.............................................................................................................3
Installing Certificate Lifecycle Manager ...................................................................5
Run Express Configuration ......................................................................................5
Installing the CLM Client............................................................................................8

Page 2
Microsoft® Certificate Lifecycle Manager Beta 1

Introduction
This document describes how to install and configure Microsoft Certificate Lifecycle
Manager Beta 1 software quickly and efficiently for product feature evaluation in a lab
environment. For more comprehensive installation and configuration options, please
refer to the Microsoft Certificate Lifecycle Manager (CLM) Installation Guide.

Getting Started
Install the following software on a single server:
• Windows 2003 Enterprise Edition
• Windows 2003 Certification Authority
• Internet Information Server (IIS) v6
• Ensure the .NET Framework version 1.1 is installed
• Microsoft SQL Server 2000
• NOTE: Authentication must be set to Mixed Mode
• Optional
• Simple Mail Transfer Protocol (SMTP) Server with anonymous relaying
allowed

Installing CLM

Before installing Microsoft Certificate Lifecycle Manager, perform the following

steps:
1. Prepare for schema modification.
a) A member of the Active Directory forest’s Schema Administrators group
must log in.
b) The schema modifications defined in the Lightweight Directory Access
Protocol (LDAP) Data Interchange Format (LDIF) file clms.ldif on the
Certificate Lifecycle Manager CD must be applied. You can either apply it
directly by running ldifde.exe from the Windows Support Tools or by
running the sample script ModifySchema.vbs, which performs the schema
modifications on the default forest with the current user’s credentials.

Page 3
Microsoft® Certificate Lifecycle Manager Beta 1

Both files are on the Certificate Lifecycle Manager Install CD in the Schema
Directory.
2. Enable the default Key Recovery Agent certificate template  the default
certificate template is KeyRecoveryAgent. The template is only available if it is
enabled on an active enterprise certificate authority (CA) in the CA hierarchy.
To do this, perform the following steps:
a) Log on as a user assigned the Manage CA permissions at the enterprise
CA.
b) Start the Windows Certification Authority snap-in, which can be found in
Administrative Tools in the Windows Control Panel.
c) Expand the default CA’s set of folders and select Certificate Templates in
the left pane.
d) With Certificate Templates selected, right-click and click New Certificate
Template to Issue from the pop-up menu.
e) Select Key Recovery Agent and click OK.
3. Enable the default Enrollment Agent certificate template  the default
certificate template is EnrollmentAgent. The template is only available if it is
enabled on an active enterprise CA in the CA hierarchy. To do this, perform the
following steps:
a) Log on as a user assigned the Manage CA permissions at the enterprise
CA.
b) From Administrative Tools, start the Windows Certification Authority snap-
in.
c) Expand the default CA’s set of folders and select Certificate Templates in
the left pane of the snap-in.
d) With Certificate Templates selected, right-click and click New Certificate
Template to Issue from the pop-up menu.
e) Select Enrollment Agent and click OK.

Page 4
Microsoft® Certificate Lifecycle Manager Beta 1

Installing Certificate Lifecycle Manager

If your CA and Certificate Lifecycle Managers reside on the same machine, follow these
installation steps:
NOTE: It is assumed that SQL Server 2000 is installed and configured on the same
machine.
4. Insert the Certificate Lifecycle Manager installation CD.
5. From the Certificate Lifecycle Manager CD, run \CLMS\Certificate Lifecycle
Management Server.msi.
6. The Welcome screen displays. Click Next.
7. On the License Agreement page, confirm your acceptance by selecting I
accept the terms in the license agreement and click Next.
8. On the Customer Information page, enter your customer information and click
Next.
9. On the Setup Type page, select the Complete Install option.
10. On the Ready to Install the Program page, click Install to start copying files.
11. On the InstallShield Wizard Completed page, clear the Launch the CLM
Configuration Wizard check box, and then click Finish.

Run Express Configuration

12. From the Start menu, point to All Programs, point to Microsoft Certificate
Lifecycle Manager, and then click CLM Configuration Wizard.
13. The Welcome to Certificate Lifecycle Manager Configuration Wizard page (see
Figure 13) displays the following:
• Who is currently logged in
• Name of server used for AD management tasks
• Express Configuration button

Page 5
Microsoft® Certificate Lifecycle Manager Beta 1

Figure 13. The Certificate Lifecycle Manager Welcome page.

14. On the Welcome page, click Express Configuration. This sets the following:
• SQL Server defaults are accepted (local default instance of SQL Server
with a blank password).
• The default Certificate Lifecycle Manager database account name is
clmsUser.
• The default SQL Server data folder is used.
• The default Directory Attribute and location is used to store configuration
information.
• The default CLM Agents are used. The container where users are created
is under CN=Users, DomainName (where DomainName is the LDAP
distinguished name of the current domain).
• The defaults assume that the CA is installed on the same machine where
Certificate Lifecycle Manager is installed.
• The default certificate template for the CLM Recovery Agent is
KeyRecoveryAgent.
• The default certificate template for the CLM Enrollment Agent is
EnrollmentAgent.

Page 6
Microsoft® Certificate Lifecycle Manager Beta 1

The template is selected only if an active CA is available and the template is

enabled. To do this, refer to the Enabling the Default Key Recovery Certificate
Template section of this document.
• The default certificate template used to create a signing certificate for the
CLM Agent is User. The template is selected only if it is enabled on an active
CA.
• Email Configuration uses the local SMTP server (127.0.0.1).
If you require e-mail functionality, you can edit the Email Configuration after
Express Configuration completes.
15. The Summary page (see Figure14) displays all configuration information.
Review this data and, when satisfied, click Perform Configuration.

Figure 14. The Certificate Lifecycle Manager Configuration Summary page.

The Configuration Wizard applies options as set in Express Configuration.

Please be patient, as this may take a few minutes.
16. When the installation is completed, click Finish on the CLM Configuration
Wizard page.
17. In Internet Explorer, navigate to http://localhost/clms to access the Certificate
Lifecycle Manager portal.
NOTE: No smart card management activity can occur until the CLM Client is
installed.
Page 7
Microsoft® Certificate Lifecycle Manager Beta 1

Installing the CLM Client

The Beta 1 CLM client is dependent on supported vendor smart card middleware. The
vendor middleware must be installed prior to performing smart card operations through
CLM. Refer to the CLM release notes for additional details.
To install the CLM client:
1. Insert the Certificate Lifecycle Manager installation CD in the CD drive.
2. From the Certificate Lifecycle Manager CD, run \CLMS Client\setup.exe
3. When the Welcome screen displays, click Next.
4. On the License Agreement page, confirm your acceptance by selecting I
accept the terms in the license agreement, and then click Next.
5. On the Customer Information page, type your customer information, and then
click Next.
6. On the Destination Folder page, to install to a non-default directory, click
Change…., otherwise click Next.
7. On the Setup Type page, the following options are available.
a) Complete: All features install, including Smart Card Self-Service Control
and the Smart Card Personalization Control.
b) Custom: Allows for selection of CLM Client installation components.
8. On the Setup Type page, click Next.
9. Click Next on the Ready to Install page.
10. Click Finish.

Page 8