Skip to content

Step by Step : Installing Certificate Authority on Windows Server 2012 R2

July 19, 2014

Hi all, today lets go through another services that Windows Server 2012 can provide for your infrastructure, which is Certificate Authority (CA).

** in my next post, i will post step by step on Network Access Protection, so this Certificate Authority is one of the requirement that you need before you proceed with Network Access Protection.**

“A certification authority (CA) is responsible for attesting to the identity of users, computers, and organizations.

The CA authenticates an entity and vouches for that identity by issuing a digitally signed certificate.

The CA can also manage, revoke, and renew certificates.

A certification authority can refer to following:

  • An organization that vouches for the identity of an end user
  • A server that is used by the organization to issue and manage certificates”

More information please log in to :

Lets get started…

1 – On the domain Server (OSI-ADDS01), open Server Manager and go through to Select Server Roles and click Active Directory Certificate Services and then click Next



2 – In the Select Features interface, proceed with Next…


3 – In the Active Directory Certificates Services interface, click Next…


4 – In the Select role services, make sure you tick Certificate Authority and Certification Authority Web Enrollment check box and then click Next


5 – In the Web Server Role (IIS) interface, click Next to proceed…


6 – in the Select role services, just click Next to proceed…


7 – in the installation selections interface, click Install


8 – After installation complete, in the Installation progress interface, click Configure Active Directory Certificate Services on the destination server


9 – Next, in the Credentials interface, verify that your Credentials is Administrator and then click Next


10 – In the Role Services interface, tick Certification Authority and Certification Authority Web Enrollment and then click Next


11 – In the Setup Type interface, verify that Enterprise CA is selected and click Next…


12 – In the CA Type interface, verify that Root CA is selected and then click Next


13 – Next in the Private Key interface, click Create a new private key and then click Next


14 – In the Cryptography for CA interface, you can remain the default setting which RSA Cryptography  with 2048 key length and verify that SHA1 is selected, and then click Next…


15 – Next in the CA Name interface, just proceed with Next…


16 – In the Validity Period, i choose 3 years for my CA, default should be 5 years but its all depend on your organization security policy, and then click Next…


17 – In the CA Database interface, just click Next to proceed…


18 – Next in the Confirmation interface, verify again all the settings and then click Configure


19 – please wait few minutes for the configuration to complete…


20 – Finally, our CA & CA Web Enrollment successfully installed and later in my next blog, i will continue with Installing & Configuring Network Access Protection which is require us to have this CA…


Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: