install a stand-alone root certification authority the select role services to configure window,...
TRANSCRIPT
Install a stand-alone root certification
authority
Applies To: Windows Server 2012
Introduction:
Depending on the CA hierarchy to be designed, this article focus on the steps required to install
offline root CA on Windows Server 2012. Following are the assumptions
a) Server will not be joined to the Active Directory domain
b) Root CA is configured as Offline
c) CAPolicy.inf is created under C:\windows and configured as per the CA hierarchy
d) Networking and Storage considerations are considered
e) Provision of User accounts are done ( local administrator permissions are configured
accordingly )
Install a stand-alone root certification authority on Server 2012
1. Log on to the system as an Administrator or the user with local administrator privileges.
2. Start Server Manager located on Task Bar, click Add Roles and Features wizard and
select your Server from Server Pool
Once you have successfully installed the Certificate Services on the Workgroup Server, it’s time
to configure the Server.
1. From the Server Manager select the “AD CS” role and click More option as shown
below
2. From All Server Task Details and Notifications window, select Configure Active
Directory Certificate Services on the destination Server option which should launch
the below wizard
Provide the necessary credentials, because this server is configured as workgroup, I have
configured with local administrator privileges and click Next.
3. From the Select Role Services to configure window, select Certificate Authority and
click Next
7. On Specify the cryptographic options , select the following
a) Select a cryptographic provider: RSA#Microsoft Software Key Storage
Provider. CSP does support 3rd party but for our lab we select Microsoft CSP
b) Key Length: Select 2048 which is the default key length supported by CSP. This
might change if you import the existing keys which may not be 2048 in length.
c) Hash Algorithm: Though default is SHA1 , for better Hash select SHA 256