Installing Enterprise Root CA - Windows 2008



  •  add role using domain admin account


 - click "next"


- click "next"


 because it is root(Enterprise) CA we will keep only 1 options, certificates we will sign via subordinate CAs.

 - click "next"


choose Enterprise

  - click "next"


  - click "next"


 choose "create a new private key"

 - click "next"


set RSA#Microsoft Software Key Storage Provider, key lenght 4096 bits, has sha1 and select "Use stron private key protection feature...."

 - click "next"


 - click "next"


configure validity period, I think 10 years for ROOT CA is the minimum, bigger 3rd party standalone CAs  are 20 years valid.

 - click "next"

w2k8-pki-install-11.pngI will leave default database path as it is

 - click "next"



 - click "Install" to start installation





  - click "Close" to finish installation.

  •  import CA certificate to "Trusted Root Certification Authorities" in domain GPO.



If we do not do this we will not be able to  obtain certificates on computers in domain(see warning below)

"You cannot request a certificate this time because no certificate types are available. If you need a certificate contact your administrator."


dzbanek 2013-01-04


This site uses cookies. Some of the cookies we use are essential for parts of the site to operate and have already been set. You may delete and block all cookies from this site, but parts of the site will not work.