Install a stand-alone root certification authority
Applies To: Windows Server 2012
Introduction:
Depending on the CA hierarchy to be designed, this article focuses on the steps required to install an offline root CA on Windows Server 2012. The following assumptions apply:
a) The server will not be joined to the Active Directory domain
b) The root CA is configured as offline
c) CAPolicy.inf is created under C:\windows and configured as per the CA hierarchy
d) Networking and storage considerations have been taken into account
e) User accounts have been provisioned (local administrator permissions are configured accordingly)
Install a stand-alone root certification authority on Server 2012
1. Log on to the system as an Administrator or the user with local administrator privileges.
2. Start Server Manager from the taskbar, open the Add Roles and Features wizard and select your server from the server pool
3. Select Active Directory Certificate Services and select the Features as shown below
4. Select the Certification Authority option and click Next
5. Wait for the installation to complete; you will then be presented with the wizard below
Once you have successfully installed Certificate Services on the workgroup server, it’s time to configure the server.
1. From Server Manager, select the “AD CS” role and click the More option as shown below
2. From the All Server Task Details and Notifications window, select the Configure Active Directory Certificate Services on the destination Server option, which should launch the wizard below
Provide the necessary credentials and click Next. Because this server is configured as a workgroup server, I have configured it with local administrator privileges.
3. From the Select Role Services to configure window, select Certification Authority and click Next
4. On the Specify the setup type of the CA window, select the Standalone CA option and click Next
5. On Specify the type of the CA, select Root CA and click Next
6. On Specify the type of the private key, select Create a new private key and click Next
7. On Specify the cryptographic options, select the following:
a) Select a cryptographic provider: RSA#Microsoft Software Key Storage Provider. Third-party CSPs are supported, but for our lab we select the Microsoft CSP.
b) Key Length: Select 2048, which is the default key length supported by the CSP. This might change if you import existing keys, which may not be 2048 in length.
c) Hash Algorithm: Although the default is SHA1, select SHA256 for a stronger hash.
Click Next
8. On Specify the name of the CA, enter the values as shown in the wizard below
Click Next
9. On Specify the validity period, select 20 years and click Next
10. On Specify the database locations, select the storage location and click Next
11. Click Configure from the following wizard
12. The Configuration Succeeded message should be displayed as shown below
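The same installation can be scripted and then verified. The following is an added example, not part of the original article: it checks the stated assumptions, applies the wizard's choices (stand-alone root CA, Microsoft Software KSP, 2048-bit key, SHA256, 20 years) and confirms the issued root certificate matches them. The CA name `EXAMPLE-ROOT-CA` is a placeholder, since the article's CA name is not given in the text, and the default database location is assumed.

```powershell
# Added example: scripted equivalent of the wizard steps, with pre- and post-checks.
$ErrorActionPreference = 'Stop'
$caName = 'EXAMPLE-ROOT-CA'   # placeholder; substitute the name chosen for your hierarchy

# Assumption a): the server is a workgroup member, not domain-joined.
if ((Get-CimInstance Win32_ComputerSystem).PartOfDomain) {
    throw 'Server is domain-joined; the offline root CA is expected to be a workgroup server.'
}
# Assumption c): CAPolicy.inf is read when the CA certificate is created, so it must exist first.
if (-not (Test-Path "$env:windir\CAPolicy.inf")) {
    throw "CAPolicy.inf not found under $env:windir."
}

# Install the Certification Authority role service and its management tools.
Install-WindowsFeature ADCS-Cert-Authority -IncludeManagementTools | Out-Null

# Configure the CA with the options selected in the wizard.
# The database and log directories are left at their defaults here.
Install-AdcsCertificationAuthority `
    -CAType StandaloneRootCA `
    -CACommonName $caName `
    -CryptoProviderName 'RSA#Microsoft Software Key Storage Provider' `
    -KeyLength 2048 `
    -HashAlgorithmName SHA256 `
    -ValidityPeriod Years -ValidityPeriodUnits 20 `
    -Force | Out-Null

# Verify: read the new CA certificate from the machine store and compare it
# with what was requested, rather than trusting the "succeeded" message alone.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "CN=$caName*" } |
    Sort-Object NotBefore -Descending |
    Select-Object -First 1
if (-not $cert) { throw "No certificate found for CN=$caName." }

$report = [pscustomobject]@{
    SelfSigned     = ($cert.Subject -eq $cert.Issuer)                        # root CA: subject equals issuer
    SignatureAlg   = $cert.SignatureAlgorithm.FriendlyName                   # expect sha256RSA, not sha1RSA
    KeySizeBits    = $cert.PublicKey.Key.KeySize                             # expect 2048
    ValidYears     = [math]::Round(($cert.NotAfter - $cert.NotBefore).TotalDays / 365.25)  # expect 20
    ServiceRunning = ((Get-Service CertSvc).Status -eq 'Running')
}
$report | Format-List

if (-not $report.SelfSigned -or $report.SignatureAlg -ne 'sha256RSA' -or
    $report.KeySizeBits -ne 2048 -or $report.ValidYears -ne 20 -or -not $report.ServiceRunning) {
    throw 'Root CA does not match the intended configuration.'
}
```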