 Hey folks, Ned Pyle here to then I'm going to show you how to get and make and issue a certificate for the purposes of SMB over quick. You can get a cert anyway you like, you know DigiCert, Verisign, Let's Encrypt, whatever. But what I'm going to talk about today is using a Microsoft certificate authority, which is real common inside of the commercial and public sector space. So I'm going to fire up the certificate authority, certification authority snapping, and I'm going to create a new template. So click manage there. I'm going to grab the computer template, which is a good starting point, make a copy of that. And the first thing I'm going to do is I work my way through this endless wall of tabs is set the certification authority and the certificate recipient to the highest, bestest, most safe and secure, you know, options. I'm going to give it a name, something easy to find when this thing is being issued out to your file servers and publish it in Active Directory. I'm going to change the purpose to signature. And I'm going to set the cryptography provider category to key storage provider. The algorithm to ECDSA 256 and a minimum size of shot 256 for the hash. It's a little bit faster than RSA, a little bit more modern than RSA with its long 2048. I don't need to do anything. It's like it's extensions here. I'm going to go and change the key usage to server authentication. It's not necessary. And I will also set and look through security, you'll be modifying this to meet your own needs, you know, who can issue service, who can enroll service, you know, who can automatically roll service. In this case, we're going to do a supply and the request for creating a cert that has special custom stuff. Right. Every time we make a new file server, we need to set some names in it. So we're going to use supply and the request and we'll see how that works in a little bit. Also make sure that if it gets renewed, we keep that information. And then for that, I can click OK. I've got my new template, SMB over quick, and I can go ahead and publish that so people can get it. So this is new cert to issue, you scroll down here, we should see SMB over quick. Good to go. There it is. And let's move to the next part where I install the certificate. What this means is we are going to, you know, go to our file server now, where we're running SMB over quick, request that cert and install it so that I can go and actually map the cert and use it with SMB over in Windows Admin Center in a different demo. So first I'm going to run the snap in and add the certificates computer account snap into it through the MMC console. This remotely does on the file server is what I matter. And then I can look down here. Here's the my local machine store and I'm going to request a new certificate for this file server. So now I've got my enrollment policy based in AD. It's a bit of using a Microsoft certificate authority isn't going to have all this stuff automatically through active directory. I'm going to choose my quick one and you saw I had to provide more information. This is sort of the custom part because every file server is going to be different. And it needs names to be connected to. So I put in the names of however I want, you know, SMB over quick users and applications and such to get to the server. As many names as it's going to have either internally or externally, you really mostly can turn, you know, can, you know, are concerned about the external names because you're using it probably for an edge case. But if you want to use SMB over quick internally, you'll need it as well. So in this case, I'm giving it a couple of internal names and then I'm giving it the name I probably going to use along my users, which is this FS one edge external name. And then I need to give it a subject. It doesn't matter what it is, but I want to be able to find the cert. And that is basically its name, right. So I've gone ahead and done that I'm going to choose enroll and look at a split it's been enrolled and install the certificate. And if I look now there's my cert. Let's take a little bit closer look here. You can see it's validity period. You can see there's the shop 256 RSA thing that I did. There is the ECC information right there. There's the subject alternative names. There's the key stuff I just did right here with the names that will be connected to which will find a subject in here somewhere. The circuits right there. I'm all ready to go at this point and go into Windows Evan Center and run the file sharing extension and click on the configure quick and see my stuff.