Deploying a Windows Server 2012 R2 Certificate Authority

In this article, we will learn how to deploy Windows Server 2012 R2 Certificate Authority (CA) in windows server 2012. Let’s begin with the process.

First of all open the Server Manager of Windows Server 2012 R2 and click on “Add Roles and Features”. From there, you must select “Active Directory Certificate Services”.

From the popup window, click on “Add Features” so that the Certification Authority Management Tools are allowed to install.

Now, you have to select the options that you want to install. However, the recommended options are as follows

a. Certification Authority (the main CA)
b. Certification Enrollment Policy Web Service
c. Certificate Enrollment Web Service

After you are done with the installation, you will be back to the Server Manager where you have to select AD CS. There will be a warning (as in the screenshot) telling you that no configuration has been done yet. Click on More.

You will reach the “All Servers Task Details and Notifications”. In the Action Column, click on “Configure Active Directory Certificates Services” which will launch the configuration wizard of AD CS.

You have to use the parameters as mentioned below while you are going through the steps in the wizard.

In Common Name field, enter a descriptive name for your certificate CA and click next. Update validity period to 5 years. For the database locations, you may accept or modify them.
Hence, the first two CA components will finish configuring.

Choose “Certificate Enrollment Web Service and Certificate Enrollment Web Policy Service” in the “Select Role Services to configure”.

Use the following parameters when you are going through the configuration wizard.

In result windows, it will show the results.

This will complete the configuration of all the required CA services

You can Use Certificate Authority Management Tool for verifying CA functionality. Start the Certificate Authority Management Tool from the CA server.

If everything has completed well, then the CA server will be shown with a green icon. This will mean that all the CA services are up and running.

This is how you can configure certificate setup for your environment.

Leave a Reply