Install an Enterprise Certificate Authority in Windows 2008 R2
In this post I will walk through the steps of setting up an enterprise certificate authority (CA) in a Windows Server 2008 R2 Active Directory domain. The steps needed to configure this are fairly simple and straightforward. Having your own CA is useful for testing SSL and other services that require certificates without the need to purchase certificates from a third party. However, these certificates will not be automatically trusted by computers external to your AD domain, so there are some limitations. Lets get to it.
First, start the Server Manager.
Click Add Roles under Roles Summary.
Check the Active Directory Certificate Services role and click Next.
Under Role services check Certification Authority and Certification Authority Web Enrollment. The Web Enrollment service is useful if you choose to make requests for certificates from computers that are not members of your AD domain. If you have not yet installed all of the IIS components the Web Enrollment service needs, it will ask for prerequisites to be installed. Go ahead and accept these, then click Next.
I will keep the default and use an Enterprise CA, click Next.
This if my first and only CA, so I’ll choose Root CA and click Next.
This is a new CA without existing keys so select Create an new private key and click Next.
Keep the default CSP, hashing method, and key length and click Next.
I’ll keep the defaults and click Next.
Accept the default database locations and click Next. Then at the confirmation screen click Install. See how easy that was. See you next time!