Windows – Enterprise Root CA Install and Configure

By using ADCS we can generate and renew certificates in an enterprise. ADCS is more helpful in a domain internal network

Table of Contents

Log in to a windows server
Launch Server manager
Click on Manage –> Add Roles & features
Click on Next –> Select Role-based or feature-based installation
Select Active Directory Certificate Services and select Include management tools checkbox then click on Add Features
Click on Next –> In the Features section leave defaults and click Next
Click Next on Active Directory Certificate Services section
In Select role services, select below
Certification Authority
Certification Authority Web Enrolment (Include Management tools)
Click Next and in the Web Server Role (IIS) section again click Next
Go with Defaults on Role Services
Click on Install and wait till feature install completes
Click on Close
Now you will see AD CS in Server Manager and a warning message as post-deployment configuration required

Click on Configure Active Directory Certificate Services on the destination server
Click Next on the Credentials section
Select Role Services to configure
Certification Authority
Certification Authority Web Enrollment
Click Next and Select Enterprise CA
And in the next page, Select Root CA then click Next
Select Create a new private key and click Next
Choose SHA256 as a hash algorithm and other options as shown below and click Next
Provide a Name to the CA
Specify the validity period
Leave the defaults in the Specify the database locations section
Click on Configure
And now we have CA is configured

Once the CA is configured, we can access the web enrollment page in any one of 2 ways listed below

Launch CA wen enrollment page (shown above)
Click on Download a CA certificate
Click on the Download CA certificate
You can certificate downloaded.
If you select CA certificate chain download, then p7b file will be downloaded