Installing Enterprise Root CA - Windows 2008
Â
Â
- Â add role using domain admin account
 - click "next"
- click "next"
Â
 because it is root(Enterprise) CA we will keep only 1 options, certificates we will sign via subordinate CAs.
 - click "next"
choose Enterprise
 - click "next"
Â
 - click "next"
 choose "create a new private key"
 - click "next"
set RSA#Microsoft Software Key Storage Provider, key lenght 4096 bits, has sha1 and select "Use stron private key protection feature...."
 - click "next"
 - click "next"
configure validity period, I think 10 years for ROOT CA is the minimum, bigger 3rd party standalone CAs are 20 years valid.
 - click "next"
I will leave default database path as it is
 - click "next"
summary
 - click "Install" to start installation
Â
Â
Â
Â
 - click "Close" to finish installation.
- Â import CA certificate to "Trusted Root Certification Authorities" in domain GPO.
Â
If we do not do this we will not be able to obtain certificates on computers in domain(see warning below)
"You cannot request a certificate this time because no certificate types are available. If you need a certificate contact your administrator."
Â
dzbanek 2013-01-04
Â