A certificate authority (CA) is an entity that issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate. This allows others (relying parties) to rely upon signatures or on assertions made about the private key that corresponds to the certified public key – Wikipedia.
Objective
• learn how to install certification authority (CA) server via GUI
• learn how to configure standalone root certification authority (CA) server via GUI
AD Certificate Service Installation
Step 1 : Open Server Manager
By default, Server Manager will automatically open when starting up Windows Server. Just in case if it is not, you may open using RUN: servermanager.msc
Step 2 : Add Roles and Features
Inside Add Roles and Features Wizard, select Role-based or feature-based installation and click Next.
Step 3 : Select Role-based
Select the first radio button.
Step 4 : Select Server Name
By default, it will choose current server name, click Next to proceed.
Step 5 : Select Active Directory Certificate Services
From the list, find Active Directory Certificate Services, tick the box, click Add Features.
Step 6 : Verify Server Roles Selected
Verify that Active Directory Certificate Services has been selected.
Step 7 : Verify Features Selected
Next, wizard will display the role you are trying to install, click Next once confirmed.
Step 8 : Display Selected Server Role
You may also add extra services, as for now, just click Next.
Step 9 : Select Role Services
You may also select other role services, as for now, just click Next.
Step 10 : Confirm Installation
Click Install to start the installation process.
Step 11 : Installation In Progress
The installation is in progress, you may close the wizard and wait for the complete notification.
Step 12 : Installation Complete
The installation is in progress, you may close the wizard and wait for the complete notification.
Configuring Certificate Services
Step 1 : Configure Certificate Service
After the installation is complete, let’s proceed with the post-deployment configuration. Proceed to click on Configure Active Directory as in the screenshot below.
Step 2 : Provide credential
Provide the user you want to assign as the CA administrator. Click Next.
Step 3 : Select Role Service
Tick Certification Authority box and click Next.
Step 4 : Specify Setup Type
If you are installing in domain environment, you may select Enterprise CA. For this tutorial we will proceed to choose Standalone CA, then click Next.
Step 5 : Specify CA type
Choose Root CA as it is a mandatory component for fresh start. Click Next.
Step 6 : Specify Private Key
For fresh CA installation, you will create a new private key. Otherwise, if you have existing private key to be reused, you may select other option. Proceed to click Next.
Step 7 : Specify Cryptographic
Proceed to use default cryptographic unless you have certain security policy to follow. Click Next.
Step 8 : Specify CA Name
Specify name for CA or just use the default name given. Click Next.
Step 9 : Specify Validity Period
By default, the validity period will be 5 years. Click Next.
Step 10 : Specify DB location
You may change the location for the database, otherwise proceed to click Next.
Step 10 : Confirm CA Configuration
Verify all selections before installing and click Configure.
Step 11 : CA Configuration Complete
Certificate Authority server is now ready to be used.
Verify Installation
You may verify the CA installations by opening CA tool installed.
From the CA management console, you can proceed to manage the CA service.
Resources
• https://docs.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/server-certs/server-certificate-deployment-overview
• https://virtuallythere.blog/2018/04/24/making-things-a-bit-more-secure-part-1/
• https://www.prajwaldesai.com/install-enterprise-root-certificate-authority/
• https://www.thesslstore.com/blog/what-is-a-certificate-authority-ca-and-what-do-they-do/
• https://stealthpuppy.com/deploy-enterprise-root-certificate-authority/
• https://networkencyclopedia.com/certificate-services-windows-server/
