Installing Active Directory Certificate Services

The Active Directory Certificate Services role lets you install a certificate authority in your Active Directory environment, which allows you to issue self-signed certificates for a variety of purposes and uses. We want to step through this process on a Windows 2008 R2 server and show how easily the role can be added to a server in your environment.

  • First, launch Server Manager, choose Roles, and then “Add Roles.”
  • Select the Active Directory Certificate Services role.

We are choosing “Certification Authority” as well as “Certification Authority Web Enrollment.”

Since we are using a domain controller which is running Active Directory, we are choosing the “Enterprise” option.

In this example we are installing the first CA in our environment, so we are choosing “Root CA.”

The next step in the wizard is to choose “Create a new private key” or “Use existing private key”…

Configure Cryptography for the CA including “Key character length” and “Hash algorithm for signing certificates.”

The name of the CA is chosen, including the “Common name” and the “Distinguished Name.”

You are asked to choose the “Validity Period” of the CA.

The default locations of the certificate database and the certificate database logs are chosen:

Since we installed the Web Enrollment option, we are asked here to configure IIS.

Role Services to be included in the IIS installation are configured:

We are asked to “Confirm Installation Selections.”

The installation process begins:

The installation finishes with any errors/successes listed:
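
To confirm that the finished installation matches the choices made in the wizard (CA type, key length, hash algorithm, name, validity period, database locations), the settings can be read back from the CA's registry configuration and certificate. This PowerShell script is an added example, not part of the original article; it assumes an RSA CA key held in a CNG key storage provider, and the warning thresholds are this example's own assumptions.

```powershell
# Added example: read back what the AD CS wizard configured. Run elevated on the CA.
$cfgRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
$cfg     = Get-ItemProperty -LiteralPath $cfgRoot -ErrorAction Stop
$caName  = $cfg.Active                                   # common name of the active CA
$ca      = Get-ItemProperty -LiteralPath "$cfgRoot\$caName"
$csp     = Get-ItemProperty -LiteralPath "$cfgRoot\$caName\CSP"

# CAType values as stored by the certificate service (ENUM_CATYPES)
$caTypes = @{ 0 = 'Enterprise Root CA'; 1 = 'Enterprise Subordinate CA'
              3 = 'Standalone Root CA'; 4 = 'Standalone Subordinate CA' }

# CACertHash holds one thumbprint per CA certificate; the last entry is the newest.
$thumb = (@($ca.CACertHash)[-1]) -replace '\s', ''
$cert  = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $thumb }
if (-not $cert) { throw "CA certificate $thumb not found in LocalMachine\My" }

$report = New-Object PSObject -Property @{
    CAName        = $caName
    CAType        = $caTypes[[int]$ca.CAType]
    Subject       = $cert.Subject                    # distinguished name from the wizard
    KeyLength     = $cert.PublicKey.Key.KeySize      # assumes an RSA key
    HashAlgorithm = $csp.CNGHashAlgorithm            # present only for CNG providers
    ValidUntil    = $cert.NotAfter                   # end of the CA validity period
    DatabasePath  = $cfg.DBDirectory
    DatabaseLogs  = $cfg.DBLogDirectory
}
$report | Format-List CAName, CAType, Subject, KeyLength, HashAlgorithm,
                      ValidUntil, DatabasePath, DatabaseLogs

# Thresholds below are this example's assumptions, not values from the article.
if ($report.KeyLength -and $report.KeyLength -lt 2048) {
    Write-Warning "CA key is shorter than 2048 bits."
}
if ($report.HashAlgorithm -match '^(MD5|SHA1)$') {
    Write-Warning "CA signs certificates with $($report.HashAlgorithm)."
}

# DomainRole 4 and 5 are domain controllers; the article notes such a server cannot be renamed.
if ((Get-WmiObject Win32_ComputerSystem).DomainRole -ge 4) {
    Write-Warning "CA is installed on a domain controller; the server cannot be renamed."
}
```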

Final Thoughts

Installing the Active Directory Certificate Services role on a server is not difficult at all; a rather straightforward wizard guides you through the process. However, use forethought and plan ahead before running the wizard, as you need to think about really important aspects of the CA, including the name, the server it is going on, the validity period, and the features that need to be installed. Having thought through all of these things beforehand makes the install much easier and avoids unwanted headaches in the future.

  • Another consideration: if you install the role on a domain controller, you will not be able to rename the server with the certificate services role installed.

Brandon Lee

Brandon Lee is the Senior Writer, Engineer and owner at Virtualizationhowto.com and has over two decades of experience in Information Technology. Having worked for numerous Fortune 500 companies as well as in various industries, Brandon has extensive experience in various IT segments and is a strong advocate for open source technologies. Brandon holds many industry certifications, loves the outdoors and spending time with family.
