Installing Certificate Authority by Active Directory Certificate Services on Windows Server 2008 R2


Sathish Nadarajan
SharePoint MVP
Published On :   03 Jan 2014
Visit Count
Today :  1    Total :   15834



All of us know the importance of Certificate while in development environment as well in the customer’s environment. Being a developer, we don’t bother about the customer environment’s Certificates. But, while developing itself, we will be required to deal with the certificates frequently. For Example, even for creating a HTTPS site, we require certificates.

Regarding this, we had already seen, how to create a self-signed certificate from IIS in this post. But, the problem which we faced here is, the validity of the Certificate. The default validity of the self-signed certificates are one year. After one year, there is no option to renew or extend the validity. Even I couldn’t see any option for the AutoCertificateRollover also. (We can discuss about them in some other posts.)

At the same time, for the development, we cannot buy any certificate for cost also. At this scenario, if we have a Windows Server 2008 R2 machine (or any other Server OS can help. Since, I used Windows Server 2008 R2, I am explaining about that), we can convert our server into a Certificate Authority Server, and get certificates from that itself. We can renew, and we can choose any templates etc., There are much more options are there.

Let us see how to install the Active Directory Certificate Services first. As usual, the step by step procedure are as follows.

1. Open the Server Manager

image

2. Select the Roles. And Add Roles.

image

3. Select the Active Directory Certificate Services

image

4. The installation Wizard will begin

image

5. Select the Services. The basic things we require for our need is, Certificate Authority and Certification Authority Web enrollment

image

6. To install, the Web Enrollment Service, there are certain IIS related Services needs to be installed. Click on Add Required Role Services.

image

7. Now, go to the next screen

image

8. Select the Enterprise, since we are going to use the existing Active Directory

image

9. Select the Root CA. This Certification Authority is going to be the Root for any other sub Certification Authority in future. As for as concerning the development machine, we don’t need to worry about this. We can proceed with Root CA

image

10. Select the New Private Key

image

11. The encryption methods. Leave as by default. The only thing to be noted here is the Key Character Length. For a safer side, always keep the length not less than 2048.

image

12. Give the name of the CA and the Certificate prefixes etc., Mostly keep as it as default.

image

13. Validity of the Certificate. Give as you require. Even, if you give a lesser value, we can renew the certificate.

image

14. Location of the database files.

image

15. Confirm and proceed with installation.

image

image

image

 

image

 

image

 

 

Verifying the Installation.

Once the installation got succeed, we need to verify. To verify that, we can go to Server manager again and see the Roles has been added.

 

image

To verify against the Certification Authority, the following steps will help us.

1. Go to Run and type MMC

image

2. Management Console will open. On that, Add Snapin.

image

3. Add Certification Authority and select Local.

image

image 

4. It will get added.

image

5. Now, you can see the entire certificates which were issued, pending requests, Certificate templates etc.,

image

We can see, how to create a certificate using this Certification Authority in the consecutive posts.

Happy Coding.

Sathish Nadarajan.

Categories