How To Install Windows Certificate Authority (CA) Server

A certificate authority (CA) is an entity that issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate. This allows others (relying parties) to rely upon signatures or on assertions made about the private key that corresponds to the certified public key – Wikipedia.

Objective

• Learn how to install a certification authority (CA) server via the GUI
• Learn how to configure a standalone root certification authority (CA) server via the GUI

AD Certificate Service Installation

Step 1 : Open Server Manager

By default, Server Manager opens automatically when Windows Server starts. If it does not, you can open it from the Run dialog: servermanager.msc

Step 2 : Add Roles and Features

Inside the Add Roles and Features Wizard, select Role-based or feature-based installation and click Next.

Step 3 : Select Role-based

Select the first radio button.

Step 4 : Select Server Name

By default, the current server is selected. Click Next to proceed.

Step 5 : Select Active Directory Certificate Services

From the list, find Active Directory Certificate Services, tick the box, then click Add Features.

Step 6 : Verify Server Roles Selected

Verify that Active Directory Certificate Services has been selected.

Step 7 : Verify Features Selected

Next, the wizard displays the role you are about to install. Click Next once confirmed.

Step 8 : Display Selected Server Role

You may also add extra services. For now, just click Next.

Step 9 : Select Role Services

You may also select other role services. For now, just click Next.

Step 10 : Confirm Installation

Click Install to start the installation process.

Step 11 : Installation In Progress

The installation is in progress. You may close the wizard and wait for the completion notification.

Step 12 : Installation Complete

The installation is complete; you may close the wizard.

Configuring Certificate Services

Step 1 : Configure Certificate Service

After the installation is complete, proceed with the post-deployment configuration by clicking Configure Active Directory Certificate Services.

Step 2 : Provide credential

Provide the user you want to assign as the CA administrator. Click Next.

Step 3 : Select Role Service

Tick the Certification Authority box and click Next.

Step 4 : Specify Setup Type

If you are installing in a domain environment, you may select Enterprise CA. For this tutorial we will choose Standalone CA, then click Next.

Step 5 : Specify CA type

Choose Root CA, as it is a mandatory component for a fresh start. Click Next.

Step 6 : Specify Private Key

For a fresh CA installation, you will create a new private key. If you have an existing private key to reuse, you may select the other option instead. Click Next.

Step 7 : Specify Cryptographic Options

Use the default cryptographic options unless you have a specific security policy to follow. Click Next.

Step 8 : Specify CA Name

Specify a name for the CA or use the default name given. Click Next.

Step 9 : Specify Validity Period

By default, the validity period will be 5 years. Click Next.

Step 10 : Specify DB location

You may change the location of the database; otherwise, click Next.

Step 11 : Confirm CA Configuration

Verify all selections before installing and click Configure.

Step 12 : CA Configuration Complete

The certificate authority server is now ready to be used.

Verify Installation

You can verify the CA installation by opening the Certification Authority tool that was installed.

From the CA management console, you can proceed to manage the CA service.
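The same installation, configuration and verification can be scripted, which leaves the CA type, key length, hash algorithm and validity period written down and reviewable. This is an added example, not part of the original article; the CA name, the 4096-bit key length and the SHA256 hash are assumed values, and the script must run in an elevated PowerShell session on the server.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the wizard steps for a standalone root CA.
# $caName, KeyLength and HashAlgorithmName are assumed values; set them per your policy.
$ErrorActionPreference = 'Stop'
$caName = 'Example-Root-CA'   # hypothetical CA common name

# "AD Certificate Service Installation": add the role and the CA management console.
Install-WindowsFeature -Name ADCS-Cert-Authority -IncludeManagementTools | Out-Null

# "Configuring Certificate Services": one entry per wizard page.
$caConfig = @{
    CAType              = 'StandaloneRootCA'   # setup type + CA type
    CACommonName        = $caName              # CA name
    CryptoProviderName  = 'RSA#Microsoft Software Key Storage Provider'
    KeyLength           = 4096                 # assumed value
    HashAlgorithmName   = 'SHA256'             # assumed value
    ValidityPeriod      = 'Years'
    ValidityPeriodUnits = 5                    # the default stated in the article
    DatabaseDirectory   = "$env:SystemRoot\System32\CertLog"
    LogDirectory        = "$env:SystemRoot\System32\CertLog"
}
Install-AdcsCertificationAuthority @caConfig -Force | Out-Null

# "Verify Installation": the service must be running and the root certificate present.
$svc  = Get-Service -Name CertSvc
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "CN=$caName*" } |
    Sort-Object NotBefore -Descending | Select-Object -First 1
if ($svc.Status -ne 'Running' -or -not $cert) { throw "CA '$caName' is not operational" }
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)

# Report what was actually created and compare it with what was requested.
$report = [pscustomobject]@{
    Service    = $svc.Status
    Subject    = $cert.Subject
    SelfSigned = ($cert.Subject -eq $cert.Issuer)   # expected to be True for a root CA
    KeyBits    = $rsa.KeySize
    Signature  = $cert.SignatureAlgorithm.FriendlyName
    NotAfter   = $cert.NotAfter
}
if ($report.KeyBits -ne $caConfig.KeyLength -or
    $report.Signature -notlike "*$($caConfig.HashAlgorithmName)*") {
    Write-Warning 'Root certificate does not match the requested key length or hash.'
}
$report
```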


Muadz