Let’s see a step by step guide to install certificate authority on Windows server 2012 R2. We need to install Certification Authority role service of Active Directory Certificate Services to configure Windows server 2012 to act as CA. It helps to identify the end users of the organization by allocating a certification authority for each user.
Install Certification Authority on Windows Server 2012 R2
Navigate to server manager and click Manage menu and select “Add roles and features” from the drop-down menu.
On the Add roles and services wizard, select Active Directory Certificate Services and then click Next…
In the AD CS Role services, select the Certificate Authority checkbox and Certification Authority Web Enrollment check box. Then proceed with Next Button
For Web Server Role (IIS) interface and Role Services, click Next button and proceed. Click install button on the installation confirmation window
Once the installation process is complete, we need to Active Directory Certificate Services.
Click “Configure Active Directory Certificate Services on the destination server” link (Refer to the below image)
On the Credentials window, make sure the Credentials is “Administrator” and then click “Next”
On the Role services window, mark “Certificate Authority” and “Certification Authority Web Enrollment”
For CA type, select “Root CA” and proceed with Next.. and for type of CA, select “Enterprise CA”
In the Private Key window, select “Create a new private key
In the Cryptography for CA window, you can select the SHA256 or SHA1 as hash algorithm. Also for Cryptographic provider, use RSA Cryptography with 2048 key length.
In the CA Name Window, proceed with default settings and click “Next”
In the Validity Period window, you can choose the years depend on your organization’s security policy. The default settings are “5 years” and then click Next…
In the CA Database window, just click Next button
In the Confirmation window, click Configure button. The configuration process will take few minutes.
Finally, Certificate authority (CA) and CA Web Enrollment successfully installed