Installing the Active Directory Certificate Services Role

I am using a simple environment for installing the Active Directory Certificate Authority role on Windows Server 2008 R2. This server has no other role installed on it and is a member of Active Directory; it also has the Windows Server 2008 Enterprise edition OS. You start the installation of AD Certificate Services by opening Server Manager from Administrative Tools or by clicking the Server Manager icon in the toolbar. Then go to Roles and click on “Add Roles”. I am logged in with the domain admin user on my CA machine.

AD Certificate services Role

Select the Active Directory Certificate Services role from the role selection and then click Next.

installing Certificate services Role

The next screen shows some information, including that the name of the certification authority cannot be changed once AD Certificate Services has been installed. The computer name is tied to a lot of metadata about the server, so if we rename the server it will get out of sync and can cause some real problems. Click Next.

introduction to AD certificate services

Select the role services you require for Active Directory Certificate Services. I am selecting the first three services: Certification Authority, Certification Authority Web Enrollment and Online Responder. Online Responder is a new feature of Windows Server 2008 R2 and is used for checking the validity of certificates, and the Network Device Enrollment Service is used for validating routers, switches and other similar devices.

CA role services selection

On the next screen I will select “Enterprise”, because I want to issue certificates through Active Directory services. Please note that your server must be a member of the domain and you must be logged in with the domain admin user to add this role, otherwise you may not be able to select this option.

certificate authority type Enterprise

Since this is the first CA in my network, I am using a root CA, you can more CA Hierarchy

Root CA

I will select “Create a new private key” from the Set Up Private Key options, as I am installing the first CA server in my network.

create a new private key CA

Select the cryptographic service provider, key character length and hash algorithm you require for your CA.

configure Cryptography for CA.

I am clicking Next on the CA name configuration screen.

configure CA name

Here you need to select the certificate validity period for the CA. With a strong security algorithm you can select a period of 20 years, but I leave it at five years.

Set validity period for CA

Select the CA database path for your CA server.

Then simply click Next through the IIS installation step; IIS is required for the Certification Authority Web Enrollment service in Certificate Services.

IIS role on server 2008

After this the installation process will start; it will take some time. Once the installation is finished you will find the Certificate Services role under Roles in Server Manager.
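Once the wizard completes, the choices made above (role services, hash algorithm, key length and validity period) can be checked from an elevated PowerShell session on the CA server. The script below is an added example, not part of the original walkthrough; it assumes the three role services selected above, the CertSvc registry layout under `Configuration\<CA name>`, and the 2048-bit and SHA-1 thresholds are this example's own choices.

```powershell
# Added example: post-install check for the CA built in this walkthrough.
# Assumes Windows Server 2008 R2 (PowerShell 2.0) and an elevated session.
Import-Module ServerManager

# Role services selected in the wizard, by Server Manager feature name.
$expected = 'ADCS-Cert-Authority', 'ADCS-Web-Enrollment', 'ADCS-Online-Cert'
foreach ($name in $expected) {
    $feature = Get-WindowsFeature -Name $name
    "{0,-22} installed: {1}" -f $name, $feature.Installed
}

# The CA service must be running before certificates can be issued.
"CertSvc status: {0}" -f (Get-Service -Name CertSvc).Status

# Read the active CA's settings from the CertSvc configuration key.
$cfgRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
$caName  = (Get-ItemProperty -Path $cfgRoot).Active
$ca      = Get-ItemProperty -Path (Join-Path $cfgRoot $caName)
$csp     = Get-ItemProperty -Path (Join-Path $cfgRoot "$caName\CSP")

"CA name:  $caName"
"Provider: $($csp.Provider)"

# CNGHashAlgorithm is only present when a CNG key storage provider was chosen;
# with a legacy CSP only the numeric HashAlgorithm value exists.
$hash = $csp.CNGHashAlgorithm
if ($hash) { "Hash:     $hash" }
else       { "Hash:     legacy CSP, HashAlgorithm = $($csp.HashAlgorithm)" }
if ($hash -match '^(MD2|MD4|MD5|SHA1)$') {
    Write-Warning "CA signs with $hash; consider a SHA-2 algorithm."
}

# Find the current CA certificate by the thumbprint recorded in CACertHash
# (the last entry is the most recent CA certificate).
$thumb = (@($ca.CACertHash)[-1] -replace '\s', '').ToUpper()
$cert  = Get-ChildItem Cert:\LocalMachine\My |
         Where-Object { $_.Thumbprint -eq $thumb }

if ($cert) {
    $bits = $cert.PublicKey.Key.KeySize
    "Key size: $bits bits"
    "Valid:    $($cert.NotBefore) to $($cert.NotAfter)"
    if ($bits -lt 2048) { Write-Warning "CA key is shorter than 2048 bits." }
} else {
    Write-Warning "CA certificate $thumb not found in LocalMachine\My."
}
```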

Waqas Azam
I am Waqas Azam, a professional blogger and freelance writer. I have also been working in the IT industry for over 7 years. I graduated in Computer Science and Information Technology.