I am using a simple environment to install the Active Directory Certificate Services certification authority role on Windows Server 2008 R2. This server has no other role installed on it, is a member of the Active Directory domain w7cloud.com, and runs Windows Server 2008 Enterprise edition. Start the installation of AD Certificate Services by opening Server Manager from Administrative Tools or by clicking the Server Manager icon on the toolbar. Then go to Roles and click “Add Roles”. I am logged in with the domain admin user on my CA machine.
Select the Active Directory Certificate Services role from the role selection list and then click Next.
The next screen explains that the name of the certification authority cannot be changed once AD Certificate Services has been installed. The computer name carries a lot of metadata about the server, so if we rename the server it gets out of sync and can cause some real problems. Click Next.
Select the role services you need for Active Directory Certificate Services. I am selecting the first three: Certification Authority, Certification Authority Web Enrollment and Online Responder. Online Responder is a new feature of Windows Server 2008 R2 and is used for checking the validity of certificates, and the Network Device Enrollment Service is used for validating routers, switches and other similar devices.
In the next option I will select “Enterprise”, because I want to issue certificates through Active Directory services. Please note that your server must be a member of the domain and you must be logged in with a domain admin user when adding this role; otherwise you may not be able to select this option.
Since this is the first CA in my network, I am using a root CA, you can more CA Hierarchy
I will select “Create a new private key” on the Set Up Private Key screen, as I am installing the first CA server in my network.
Select the cryptographic service provider, key character length and hash algorithm you require for your CA.
I am clicking Next on the CA name configuration screen.
Here you need to select the validity period of the CA certificate. With a strong security algorithm you can select a period of 20 years, but I leave it at five years.
Select the CA database path for your CA server.
Then simply click Next through the IIS installation step. IIS is required for the Certification Authority Web Enrollment service in Certificate Services.
After this the installation process will start; it will take some time. Once the installation is finished you will find the Certificate Services role under Roles in Server Manager.
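To confirm that the finished installation matches the choices made in the wizard (role services, Enterprise Root CA type, database path, provider, hash algorithm, key length and validity), the following read-only PowerShell check can be run on the CA server. It is an added example, not part of the original walkthrough, and it assumes an elevated session, an RSA CA key, and the CA certificate stored in the local machine's Personal store.

```powershell
# Added example: read-only post-install checks for the CA built in the steps above.
# Run in an elevated PowerShell session on the CA server.
Import-Module ServerManager

# Role services chosen in the wizard (ServerManager feature names).
foreach ($name in 'ADCS-Cert-Authority', 'ADCS-Web-Enrollment', 'ADCS-Online-Cert') {
    $f = Get-WindowsFeature -Name $name
    '{0,-20} installed: {1}' -f $name, $f.Installed
}

# The CA service must be running after setup.
'CertSvc status: {0}' -f (Get-Service -Name CertSvc).Status

# CA configuration written by setup lives under the CertSvc service key.
$cfgRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
$cfg     = Get-ItemProperty -Path $cfgRoot
$caName  = $cfg.Active
$ca      = Get-ItemProperty -Path (Join-Path $cfgRoot $caName)
$csp     = Get-ItemProperty -Path (Join-Path $cfgRoot "$caName\CSP")

$types = @{ 0 = 'Enterprise Root'; 1 = 'Enterprise Subordinate'
            3 = 'Standalone Root'; 4 = 'Standalone Subordinate' }
'CA name      : {0}' -f $caName
'CA type      : {0}' -f $types[[int]$ca.CAType]
'Database path: {0}' -f $cfg.DBDirectory
'Provider     : {0}' -f $csp.Provider

# CNGHashAlgorithm is present when a CNG key storage provider was chosen.
$hash = $csp.CNGHashAlgorithm
if (-not $hash) { $hash = 'legacy CSP (ALG_ID 0x{0:X})' -f $csp.HashAlgorithm }
'Hash         : {0}' -f $hash
if ($hash -match '^(MD2|MD4|MD5|SHA1)$') {
    Write-Warning "$hash is a weak signature hash for a CA"
}

# Newest CA certificate in the machine store: validity period and key length.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "CN=$caName*" } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if ($cert) {
    'Valid until  : {0:yyyy-MM-dd}' -f $cert.NotAfter
    $bits = $cert.PublicKey.Key.KeySize   # assumes an RSA key
    'Key length   : {0} bits' -f $bits
    if ($bits -lt 2048) { Write-Warning 'CA key is shorter than 2048 bits' }
}
```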