- Log into your server that you are installing the role on, or a server that has the ability to manage the destination server.
- Open the Server Manager application (servermanager.exe).
- Click ‘Manage > Add Roles and Features’.
- The ‘Add Roles and Features Wizard’ will now open. In the ‘Before You Begin’ page click the ‘Next’ button.
- In the ‘Installation Type’ page choose ‘Role-based or feature-based installation’.
- Click ‘Next’.
- In the server selection screen keep the current settings and hit ‘Next >’.
- If you are using another server to install the role on the target server choose the correct server.
- Click ‘Next >’.
- On the ‘Server Roles’ page choose the role ‘Active Directory Certificate Services’.
- A new window will pop up confirming the roles and features that need to be added. Keep the defaults and click the ‘Add Features’ button.
- In the ‘Features’ page click ‘Next >’.
- In the ‘Active Directory Certificate Services’ page click ‘Next >’.
- In the ‘Role Services’ page leave the defaults and click ‘Next >’.
- In the confirmation page leave the ‘Restart the destination server automatically if required’ unchecked. Click ‘Install’.
- Allow the installation to complete.
- Once complete click the ‘Configure Active Directory Certificate Services on the destination server’ hyperlink.
- After clicking the hyperlink a new window named ‘AD CS Configuration’ will open.
- On the ‘Credentials’ page provide credentials. It will use the currently logged-in user by default.
- Click ‘Next >’.
- In the setup type page you will need to specify whether you want to install the CA as an Enterprise CA or a Standalone CA.
  - In this guide I am setting up a Standalone CA.
  - If you are installing this CA in an Active Directory environment you will want to configure an Enterprise CA (especially if you are performing these steps to set up LDAPS).
- Click ‘Next >’.
- In the ‘CA Type’ window you will be prompted to choose Root CA or Subordinate CA.
  - Choose a Root CA if this server is going to be the primary certificate authority.
  - If you already have a Root CA in your environment and you are looking to add a second CA that is authorized to issue certificates from the Root CA, then choose Subordinate CA.
- After choosing your ‘CA Type’ click ‘Next >’.
- In the ‘Private Key’ page we are going to want to create a new private key. Choose ‘Create a new private key’. Then click ‘Next >’.
- For the ‘Cryptography’ page choose the following options, unless your environment calls for other settings.
  - Cryptographic Provider: RSA#Microsoft Software Key Storage Provider
  - Key Length: 2048
  - Hashing Algorithm: SHA256
- Click ‘Next >’.
- In the ‘CA Name’ set the common name for this CA to the machine’s hostname.
- Click ‘Next >’.
- For the validity period choose 5 years. Then click ‘Next >’.
- In the ‘Certificate Database’ page leave the defaults and click ‘Next >’.
- In the ‘Results’ page click ‘Close’.
- If you set up the CA on a DC for use with LDAPS then you will want to reboot and then from an administrative command prompt run:
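
The wizard walkthrough above (role installation through the ‘Results’ page) can also be done from PowerShell. This is an added example, not part of the original guide and not the command the last step refers to; it assumes an elevated session on the target server and uses the `Install-WindowsFeature` and `Install-AdcsCertificationAuthority` cmdlets with the same choices the guide makes, then reads the resulting CA certificate back to confirm them.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the wizard choices in this guide.
# Assumption: run locally on the target server, Standalone Root CA as in the guide.
$ErrorActionPreference = 'Stop'

# Values taken from the 'Setup Type', 'CA Type', 'Cryptography', 'CA Name'
# and validity period steps of the guide.
$caParams = @{
    CAType              = 'StandaloneRootCA'   # use 'EnterpriseRootCA' in an AD environment
    CACommonName        = $env:COMPUTERNAME    # guide: common name = machine hostname
    CryptoProviderName  = 'RSA#Microsoft Software Key Storage Provider'
    KeyLength           = 2048
    HashAlgorithmName   = 'SHA256'
    ValidityPeriod      = 'Years'
    ValidityPeriodUnits = 5
}

# 'Server Roles' + 'Add Features': install the role with its management tools.
# No -Restart switch, matching the unchecked automatic-restart box.
$feature = Install-WindowsFeature -Name ADCS-Cert-Authority -IncludeManagementTools
if (-not $feature.Success) { throw 'ADCS-Cert-Authority role installation failed.' }
if ($feature.RestartNeeded -ne 'No') { Write-Warning 'A restart is pending before configuration.' }

# 'AD CS Configuration': creates a new private key and self-signed root certificate.
# -Force suppresses the confirmation prompt; add -WhatIf to preview without changes.
Install-AdcsCertificationAuthority @caParams -Force

# Read the CA certificate back and confirm it matches what was requested.
$caCert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "CN=$($caParams.CACommonName)*" } |
    Sort-Object NotBefore -Descending |
    Select-Object -First 1
if (-not $caCert) { throw 'CA certificate not found in LocalMachine\My.' }

[pscustomobject]@{
    Service            = (Get-Service -Name CertSvc).Status
    Subject            = $caCert.Subject
    KeySize            = $caCert.PublicKey.Key.KeySize
    SignatureAlgorithm = $caCert.SignatureAlgorithm.FriendlyName
    NotAfter           = $caCert.NotAfter
}
```

The output object should show the `CertSvc` service running, a 2048-bit key, a SHA-256 RSA signature algorithm, and an expiry five years out.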