Home / Articles / Windows / Installing a Certificate Authority using Microsoft Server to Issue Certificates

Installing a Certificate Authority using Microsoft Server to Issue Certificates

Installing a Certificate Authority using Microsoft Server to Issue Certificates

We are creating this document because there are not a lot of good articles on the Internet on how to use Microsoft software to create a Certificate Authority (CA) or Public Key Infrastructure (PKI) environment.  After you have followed this guide you will be able to submit CRS requests and generate legitimate certificates and get rid of the warning batter saying you don’t have a legitimate certificate.  We are assuming that you have an AD environment and are using Internet Explorer or Chrome as a web browser.

  1. Open server manager and add a role
  2. Select active directory certificate services
    1. Select Certification Authority and Certification Authority Web Enrollment

i.      Add all subcomponents and install

  1. Open Certification Authority under administrative tools
    1. Expand your domain
    2. Right click Certificate Template and click Manage
    3. Right Click Web Server and click Duplicate Template
    4. Setup a unique name

i.      Under the Issuance Requirements tab select CA certificate manager approval

ii.      Under Security highlight Authenticated Users and select Authenticated Users

  1. Select Allow privlidges for: Read, Enroll and Autoenroll

iii.      Close the certificate templates console

  1. Right click Certificate Templates

i.      Click new and select Enable Certificate Templates

ii.      Select the template you created

  1. This should add the template under certificate templates now
  2. On the CA server goto http://localhost/certsrv/
    1. Select request a certificate
    2. Select advanced certificate request
    3. Select  Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file
    4. Past the CSR request
    5. Under certificate template select the template you created

i.      Note: do not select Basic EFS or User

  1. This should issue the cert
  2. To approve the certificate go back to Certification Authority
    1. Click the pending requests folder and right click and approve the request
    2. Browse to http://localhost/certsrv/
      1. Select View the status of a pending certificate request
      2. Download the base 64 cert and put it on your server

Share


Comment on Installing a Certificate Authority using Microsoft Server to Issue Certificates

Leave a Reply






Contact Us