PKI Server Setup in IREPS

What is Windows PKI Servers?

The definition for a Public Key Infrastructures (PKIs) varies among cyber security professionals, but is generally considered a collection of components that give everything an organization needs to issue and manage X.509 digital certificates. PKIs can be configured to provide authentication for multiple services, such as Wi-Fi, VPN, Web Apps, E-Mail and more.

Windows PKI Server Types

WINDOWS SERVER 2008

While the function of certificate services has been a feature for previous iterations of Windows servers, the 2008 R2 release was the first one with a built-in AD CS certificate authority. 2008 R2 servers are common for organizations who don’t have a third party solution to verify certificates and just use a Standalone CA. With the rise in cloud-based network services though, standalone CAs might not cut it anymore for certificate services (we’ll discuss more about this further down).

WINDOWS 2012

Windows 2012 servers support a policy that allows NDES implementation so devices have an easier way accessing the network. NDES also makes it possible for BYODs to gain network access. Windows 2012 servers also come with new Windows PowerShell commands to restore and backup your CAs.

However, you must install your own policy module, either from a third-party or create one yourself.

WINDOWS 2016

As with previous deployments of Windows servers, the 2016 server implements a few hotfixes to improve certificate management, making it easier to check the status of multiple certificates at a time. Other Improvements include increased support for TPM key attestation for smart cards. Devices not on the domain can use NDES to get certificates for TPM attestation.

WINDOWS 2019

Windows Server 2019 is based on a hybrid approach for data movement, which was lacking in the 2016 version. This means that the cloud solution can work simultaneously with the on-premise version. While Windows Server 2016 installation was simple and used AD for data backup, the 2019 version uses AI and the IoT to synchronize and backup data in a more secure way.

PKI Server Setup in IREPS or IMMS

PKI Server Installation

PKI Server or Public Key information Server to be set up for DSC run in computer. Mozilla Firefox is the best browser for the PKI Server setup in IMMS. IMMS continue for requisition of non stock items. So we will learn how to set up a PKI server in the Mozilla Firefox browser for IMMS

When going to login to IREPS, you see the message Signer service is not ready or PKI server not ready and can't login.

How to solve this? 

Follow the steps below and login successfully.

Download and install Mozilla Firefox.

Download, install and configure Java.

PKI setup and configuration.

User Guide 

1. Download Mozilla by clicking on the given link. Once the download is complete, go to the specific file and install it. Click here - to download Mozilla
2. Download Java by clicking on the given link. Once the download is complete, go to the specific file and install it. Click here- to Java download manually. Then go to the control panel and click on the program to see the Java symbol. Right-click on the Java symbol and select Open. Then click on Security, click on the Edit Site button below to add the site. That means you have to add the IREPS site, then you have to do ok.
3. If you open the IREPS website the first window opens, click on ‘CLOSE’.Then click on the login button, you will see IMMS in the drop-down menu. Clicking on the IMMS menu will open a new window. You will see three options in this window, click on the first option 'Click here to Download the PKI server Setup Utility and you will see two options again. Clicking on the first option 'Download Setup Utility', a file will save on the computer. Double-clicking on the file will install the PKI software then click on Update on the previous same window. After some time Setup Completed Successfully a PKI shortcut icon will appear on the desktop.

Right-clicking on this PKI shortcut icon and selecting 'Run as Administrator' and 'Allow access' then PKI Server will run. Going back to the previous window and clicking on the second option 'configure the Trust Setting of PKI Server', a new window will open. Clicking on the second option 'Advanced....' a new window will open the IMMS login page by clicking on the last option 'Accept the Risk and Continue'  below.

PKI Service Setup for IMMS (UDM)

IREPS has create a new page IMMS (UDM) for requisition. The new IMMS (UDM) DSC configure is different from the old IMMS portal. A Signer software to be installed for DSC web-signer. Google Chrome is the best browser for login the new IMMS (UDM). IREPS has also changed the material management system. Login for IMMS (UDM) DSC is mandatory

IREPS launch a Signer Service to run DSC. To install the signer service click on "IREPS Signer (Version 1.5)" in Download Section.

To Install IREPS Signer Service follow the steps-

• JAVA Download and Install: Click on the above link and click latest version of JAVA download link. After completion of the file install it successfully.
• Signer Service Download and Install: Click on the link download latest version of Signer Utility. After completion of the file install successfully.

Note:- Sometimes web signer does not work or run, to run the web signer right-click on the Signer Service icon on the desktop and click on Run as Administrator then click yes.