CA Installation

This document provides instructions for building a Windows 2008 R2 certificate server by installing the Active Directory Certificate Services role and configuring it to use SSL. Key steps include installing the Certification Authority and Certification Authority Web Enrollment role services, creating a new private key, configuring the CA as a standalone root CA, setting the certificate validity period, and enabling SSL on the CA's web server by creating a self-signed certificate and requiring SSL for the CertSrv virtual directory.

Uploaded by

Edward Walton
Copyright
© Attribution Non-Commercial (BY-NC)

Build a Windows 2008 R2 Certificate Server

Begin configuring the Windows Server 2008 R2 server by installing the
Active Directory Certificate Services role.  This can be a new, single-
purpose server or one already deployed in your organization.  Contrary to
the role name, this is the role to install even if the server is not a member of
an Active Directory domain (a workgroup server).  Select the following Role
Services when installing the ADCS role:

• Certification Authority
• Certification Authority Web Enrollment (this will also install Web
  Server (IIS) and all necessary components)

If the server is a member of a domain, you can choose whether to install the
CA as an Enterprise or Standalone (non-domain based) CA.  For our
purposes, it really doesn't matter which one you choose.  However, if you're
planning out a full PKI (which I highly recommend) you should select the CA
type that's appropriate for your organization.  For this article, we'll make it a
standalone Root CA.

Create a new private key and use the default cryptographic service provider
(CSP) and key length (2048).  Supply a common name for the CA, such as
W2K8R2-CA.  Note that the default validity period for certificates generated
by a Windows Server 2008 R2 CA is 5 years.  Set this value for as long as
you'd like.  Consider the fact that the certificate will have to be replaced on
the iPhone and in AD when it expires.  I set my validity to 10 years.

Continue through the Add Roles Wizard, accepting all the default settings. 
Note that the name and domain settings of the server cannot be changed
after Certification Authority has been installed.  Click Install to complete the
installation.  No reboot is required, but it is recommended that you run a
Windows Update to ensure that the binaries are up to date.

Configure the Certification Authority to Use SSL


In order to request certificates using the web interface, you must enable SSL
on the CA's web server.  Open Internet Information Services (IIS)
Manager in Administrative Tools.  Select the server name and open the
Server Certificates feature.  Select Create Self-Signed Certificate in the
Actions pane and supply a friendly name for the certificate, such as "CA
Server".

Next, expand Sites and select the Default Web Site.  Click Bindings in the
Actions pane and add HTTPS, using the new self-signed certificate, as
shown below.

Now select the CertSrv virtual directory under Default Web Site and open
the SSL Settings feature.  Select Require SSL and click Apply.
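
One way to check the result of the IIS steps above from PowerShell, as an added example that is not part of the original document. It uses the WebAdministration module that ships with IIS; the default names Default Web Site and CertSrv, and the assumption that the bound certificate lives in the LocalMachine\My store, come from this example and should be adjusted if your server differs.

```powershell
# Added example: audits the HTTPS binding and the CertSrv "Require SSL" setting.
# Run in an elevated PowerShell session on the CA server.
Import-Module WebAdministration

$site = 'Default Web Site'   # assumption: default site name, as in the article
$vdir = 'CertSrv'            # virtual directory created by Web Enrollment
$findings = @()

# 1. The site must have an HTTPS binding.
$https = @(Get-WebBinding -Name $site -Protocol https)
if ($https.Count -eq 0) { $findings += "No HTTPS binding on '$site'." }

# 2. Inspect every certificate bound to an SSL endpoint on this server.
foreach ($b in Get-ChildItem IIS:\SslBindings) {
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $b.Thumbprint }
    if (-not $cert) {
        $findings += "Port $($b.Port): bound certificate not found in LocalMachine\My."
        continue
    }
    if ($cert.Subject -eq $cert.Issuer) {
        # Expected with the self-signed certificate created in the steps above;
        # clients do not trust it unless it is added to their trust store.
        "NOTE: port $($b.Port) uses a self-signed certificate ($($cert.Subject))."
    }
    if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
        $findings += "Port $($b.Port): certificate expires $($cert.NotAfter)."
    }
}

# 3. CertSrv must require SSL, i.e. sslFlags must contain 'Ssl'.
$raw = Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
    -Location "$site/$vdir" -Filter 'system.webServer/security/access' -Name 'sslFlags'
# Depending on the module version the value is a string or an attribute object.
$flags = if ($raw -is [string]) { $raw } else { [string]$raw.Value }
if (($flags -split ',' | ForEach-Object { $_.Trim() }) -notcontains 'Ssl') {
    $findings += "'$site/$vdir' does not require SSL (sslFlags = '$flags')."
}

if ($findings.Count -eq 0) { 'OK: HTTPS is bound and CertSrv requires SSL.' }
else { $findings | ForEach-Object { "FINDING: $_" } }
```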
