Installing Enterprise Root CA - Windows 2008

 

 

  •  add role using domain admin account

w2k8-pki-install-1.png

 - click "next"

w2k8-pki-install-2.png

- click "next"

 w2k8-pki-install-3.png

 because it is root(Enterprise) CA we will keep only 1 options, certificates we will sign via subordinate CAs.

 - click "next"

w2k8-pki-install-4.png

choose Enterprise

  - click "next"

 w2k8-pki-install-6.png

  - click "next"

w2k8-pki-install-7.png

 choose "create a new private key"

 - click "next"

w2k8-pki-install-8.png

set RSA#Microsoft Software Key Storage Provider, key lenght 4096 bits, has sha1 and select "Use stron private key protection feature...."

 - click "next"

w2k8-pki-install-9.png

 - click "next"

w2k8-pki-install-10.png

configure validity period, I think 10 years for ROOT CA is the minimum, bigger 3rd party standalone CAs  are 20 years valid.

 - click "next"

w2k8-pki-install-11.pngI will leave default database path as it is

 - click "next"

w2k8-pki-install-12.png

summary

 - click "Install" to start installation

 w2k8-pki-install-13.png

 

 w2k8-pki-install-14.png

 

  - click "Close" to finish installation.

  •  import CA certificate to "Trusted Root Certification Authorities" in domain GPO.

w2k8-pki-install-29.png

 

If we do not do this we will not be able to  obtain certificates on computers in domain(see warning below)

"You cannot request a certificate this time because no certificate types are available. If you need a certificate contact your administrator."

 

dzbanek 2013-01-04

 

This site uses cookies. Some of the cookies we use are essential for parts of the site to operate and have already been set. You may delete and block all cookies from this site, but parts of the site will not work.