Installation and Configuration of Active Directory Certificate Services.
Active Directory Certificate service is one of the essential service that we require for the certificate management within the organization i.e. private certificate within the premises of the organization. As of we are looking for the Exchange server blogs, it might be one of the good feature for us. Hence in this blog we will be discussing regarding the Installation and configuration of Active Directory Certificate Services (ADCS).
Let’s start with the Server Manager and start the installation procedure.
-
Open Server Manager and Select, Add Roles and Features.
2. On ‘Before you Begin screen’ let it be as default and select ‘Next’.
3. Selected, ‘Role-based or feature-based installation’ and click on ‘Next’.
4. On ‘Select Destination Server’, select the server on which you want to install the ADCS role and click on’Next’.
5. On ‘Select server roles’, select ‘Active Directory Certificate Services’. Once you select ADCS a new window will get open asking to install the required features, click on ‘OK’ on that window and click on ‘Next’.
6. On ‘Select Features’ let it as it is and click on ‘Next’.
7. On ‘Active Directory Certificate Services’, just click on ‘Next’.
8. On ‘Select role services’, I have added just the basic roles for the certificate i.e. Certificate Authority and Certification Authority web enrollment. When I selected these roles, a new window with required feature to be installed will get open. Clicked on ‘OK’ and clicked on ‘Next’.
9. As ‘Web Server Role (IIS)’ is the mandatory role we required for the installation of Certificate Services. We install it too and click on ‘Next’.
10. On the ‘Select Role Services’, let it be as of it. And click on ‘Next’.
11. Confirm the installation sections and click on ‘Install’.
12. It might take around 5-10 minutes to complete this installation process. Once the installation is completed, you can see ‘Configure Active Directory Certificate Services on the destination server’. click on it.
13. A new window of “AD CS Configuration’ will get open. Provide the Administrative credential on the credentials, and click on ‘Next’.
14. Select both the role which we have installed previously on ‘Role Services’. And click on ‘Next’.
15. As of we are installing this Certificate Server on the Domain environment, prefer to install the ‘Enterprise CA’. Hence selected same and clicked on ‘Next’.
16. Configure Type of CA as ‘Root CA’ if you don’t have any other Root CA. if you do have, you can choose ‘Subordinate CA’. For me Here I have selected the ‘Root CA’ and clicked on ‘Next’.
17. To Build the Certificate, we need to have a private key. As of for my environment there wasn’t any private key, I create a new one by selecting the option ‘Create a new private key’.
18. For Cryptography of CA, I Selected default encryption. And clicked on ‘Next’.
19. Provide the Name for CA and click on ‘Next’.
20. As 5 years of validation is enough for my test machines, I just let it default and clicked on ‘Next’. If you guys required the more duration of validation, you can increase this value as desired.
21. Left the database location as it is and clicked on ‘Next’.
22. Once the configuration is completed, clicked on configure to apply the configuration of AD CS.
23. It might take little while to get configure as per machine specs. Once the configuration is complete click on close.
24. Once the configuration of Certificate Authority is finished, you can see ‘Certificate Authority’ on Tools of the Server Manager Dashboard. As well you can just browse through your internet explorer with this link : http://<hostname>/certsrv
I hope the configuration of certificate was quite helpful to you, please keep tuning for more blogs J. Thank you for visiting.
Related Posts
Exchange Server 2016 Architecture
[How to] Document DLP with Exchange Server
Transparency Gadget for Windows 7
About Author
pdhewjau
Prashant is a Principal Cybersecurity Specialist at Thakral One Nepal. His prior position as a Modern Work Security Specialist at Microsoft saw him providing invaluable guidance to major clients in Bangladesh, Brunei, Cambodia, and Myanmar, assisting them with their foundational security needs. Awarded the esteemed Microsoft Most Valuable Professional (MVP) accolade in 2017, Prashant is recognized globally among Microsoft peers. Since 2010, he has imparted his expertise as a Microsoft Certified Trainer (MCT), conducting specialized training across Nepal.
Add a Comment
Cancel reply
This site uses Akismet to reduce spam. Learn how your comment data is processed.
Very helpful and well described. Thank you for putting the time to write this up.
very helpful guide!! Awesome job!!
Very detailed & helful
Straight forward thank you!
Just a question: should I install CA just on the PDC or all domain controllers?
To all domain controller 🙂
very helpful,thank you for time