How to setup Microsoft Active Directory Certificate Services [AD CS]
Microsoft Active Directory Certificate Services [AD CS] provides a platform for issuing and managing public key infrastructure [PKI] certificates. On top of securing application and HTTP traffic the certificates that AD CS provides can be used for authentication of computer, user, or device accounts on a network. Let us see how to install and setup Active Directory Certificate Services (AD CS).
Open Server Manager and click Manage -> Add Roles and Features
Click Next In the following screen, click Next.
Select Role-based or feature-based installation
Select Select a server from the server pool
In the Select server roles window, select Active Directory Certificate Services
This will display Add Roles and Features Wizard. Click Add Features
Click Next – Next.
Click Install in the Confirmation Window.
Once you see the Results window, Click Close.
Active Directory Certificate Services feature is installed on the server successfully. Now, let us configure the AD CS. Open Server Manager window if closed and clicking Warning Flag will popup a drop down. Click Configure Active Directory Certificate Services on the remote server as shown in the following image.
Click Next in Credentials window. If needed, you can change the Credentials.
Click Next in Role Services Window.
Select Enterprise CA.
Select Root CA in CA Type.
Select Create a new private key.
Select SHA256 or as required.
In the CA Name window, check settings and click Next.
Specify the validity period.
Check the database settings and path and change if required.
Check all your configuration in Confirmation window and click Configure
You will see a Results window with a message Configuration succeeded.
We have completed Adding Active Directory Certificate Services (AD CS) and configuring.