Install Certificate Authority

In this blog I will describe the installation of Microsoft Certificate Authority. This installation/screenshots are based on an Windows 2012R2 server. The Certificate Authority will be installed a lot in the future I guess because you can’t request public certificates with an internal server name anymore with an expire date after the 1st of November 2015. Especially Microsoft Exchange Servers are using certificates with internal server names configured.

Installation Microsoft Certificate Authority



Start the Server Manager and click op Manage and select Add Roles and Features

image2Click Next

image3Select Role-based or feature-based installation and click Next

image4Select Select a server from the server pool, select the server and click Next

image5Select Active Directory Certificate Services and enable at least the Certification Authority.

In the blog I’m not installing the Certificate Enrollment Web Service because I’m using the Certificates Add-in through mmc.exe to enroll certificates.

Click Next

image6Windows will install some additional features on the machine to use the Certificate Authority. Click Add Features

image7Make sure that .NET Framework 3.5 and 4.5 Features is selected and click Next


Click Next

image9Select Certification Authority and click Next

image10Click on Install. The Certificate Authority will be installed shortly.

image11Click on Close. Restart the server if necessary.


This chapter will describe the configuration of the Microsoft Certificate Authority.

image12Start the Server Manager

Click on the Flag and select Configure Active Directory Certificate Services

image13Full the Credentials box and click Next

image14Select Certification Authority and click Next

image15Select Enterprise CA if you´re using an Active Directory environment

image16In this case I’m only using an root CA, that’s why I’m selected the Root CA option.

Click Next

image17Select Create a new private key if you don’t have an private key. Else select Use existing private key.

Click Next

image18Select Key Length: 2048

Algorithm: SHA256. SHA1 will be end of life shortly

Click Next

image19The above field will be filled automatically. Change the names if you wan’t.

Click Next

image20Change the CA expiration date if you like that

Click Next

image21Change the database location and database log location if you like that.

Click Next


Select Configure. The Certificate Authority will be configured in a few minutes


Click Close. The installation and configuration for Microsoft Certificate Authority is completed

Leave a Reply

Your email address will not be published. Required fields are marked *