Table of contents
- 1. Install Certificate Authority
- 2. Configure AD CS
- (1) Open the configuration interface
- (2) Enter the Credentials interface
- (3) Enter the Role Services interface
- (4) Specify the CA setting type
- (5) Set the CA type
- (6) Specify the private key type
- (7) Specify encryption options
- (7) Specify the CA name
- (8) Specify the validity period of the certificate
- (9) Specify the CA database
- (10) Specify the authentication type of CEP
- (11) Confirm configuration information
- (12) Confirm the configuration result
- References
- Associated blog post
1. Install Certificate Authority
1.1 Prerequisites
- The computer on which ADCS is installed must have a hostname, a static IP and be joined to an AD domain (this tutorial uses an AD domain).
- The minimum requirements to complete this procedure are membership in the Enterprise Administrators and Domain Admins groups for the root domain.
1.2 Steps
Log on to Windows Server as a member of the Enterprise Admins group and the Domain Admins group for the root domain.
(1) Open [Server Manager], click [Add Roles and Features].
(2) The wizard first lists the tasks that need to be completed before installation.
(3) Enter the [Select Installation Type] interface and keep the default option, [Role-based or feature-based installation].
(4) Enter the [Server Selection] interface and select [Select a server from the server pool].
(5) Enter the [Server Roles] interface and click the check box in front of [Active Directory Certificate Services]. The wizard pops up a dialog listing the features this role requires; click [Add Features].
Back in the [Server Roles] interface, [Active Directory Certificate Services] is now checked.
(6) Enter the [Features] interface. No additional features are needed, so keep the default.
(7) Enter the [AD CS] interface, which explains what AD CS does and the points to note before installing it.
(8) Enter the [Role Services] interface and check all check boxes.
Required options are [Certification Authority] and [Certification Authority Web Enrollment]
- [Certification Authority] is the main program of ADCS and is necessary.
- [Certification Authority Web Enrollment] provides a simple web interface to allow users to download, request, and refresh certificates.
(9) Enter the [Confirmation] interface, which displays the content selected for installation in the earlier steps.
(10) Enter the [Results] interface. The installation takes some time. After it completes, you can either close the installation program directly or click [Configure Active Directory Certificate Services on the destination server] to continue with configuration.
After the installation is complete, click [Configure Active Directory Certificate Services on the destination server] to enter the AD CS configuration wizard.
2. Configure AD CS
(1) Open the configuration interface
In addition to the installation function interface, the configuration interface can also be opened by the following method
(2) Enter the Credentials interface
Just keep the default.
(3) Enter the Role Services interface
Select according to the actual situation.
Among them, [Certification Authority] and [Certification Authority Web Enrollment] are mandatory.
(4) Specify the CA setting type
Keep the default, Enterprise CA.
(5) Set the CA type
Root CA is selected by default.
(6) Specify the private key type
(7) Specify encryption options
If the product has requirements for the certificate encryption algorithm or key length, it needs to be selected according to the actual situation. For example, VMware vCenter requires the certificate to have a key length of 2048 or greater.
(7) Specify the CA name
(8) Specify the validity period of the certificate
Set the validity period of the certificate generated by the certificate authority.
(9) Specify the CA database
- Certificate database location.
- Certificate database log location.
(10) Specify the authentication type of CEP
Select Windows Integrated Authentication.
(11) Confirm configuration information
(12) Confirm the configuration result
Restart to make it take effect, and the installation and configuration of ADCS are now complete.
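The same installation and configuration can be scripted so that the CA type, key length and hash algorithm are explicit and repeatable. The script below is an added example, not part of the original tutorial. The CA name, validity period and hash algorithm are constructed assumptions, and only the two mandatory role services are installed.

```powershell
#Requires -RunAsAdministrator
# Constructed placeholder values; replace them with your own.
$CaName        = 'EXAMPLE-ROOT-CA'  # hypothetical CA common name
$KeyLength     = 2048               # page: vCenter requires 2048 or greater
$HashAlgorithm = 'SHA256'           # assumption: the page names no hash algorithm
$ValidityYears = 5                  # assumption: the page gives no validity value

# Section 1.1 prerequisites: domain-joined host with a static IP.
if (-not (Get-CimInstance Win32_ComputerSystem).PartOfDomain) {
    throw 'Host is not joined to an AD domain.'
}
$dhcp = Get-NetIPInterface -AddressFamily IPv4 -ConnectionState Connected |
    Where-Object { $_.InterfaceAlias -notmatch 'Loopback' -and $_.Dhcp -eq 'Enabled' }
if ($dhcp) { throw "DHCP is still enabled on: $($dhcp.InterfaceAlias -join ', ')" }

# Section 1.2: add the two mandatory role services.
Install-WindowsFeature -Name ADCS-Cert-Authority, ADCS-Web-Enrollment -IncludeManagementTools

# Section 2, steps (4) to (9): enterprise root CA with a new private key.
# Database and log locations are left at their defaults.
$caParams = @{
    CAType              = 'EnterpriseRootCA'
    CACommonName        = $CaName
    CryptoProviderName  = 'RSA#Microsoft Software Key Storage Provider'
    KeyLength           = $KeyLength
    HashAlgorithmName   = $HashAlgorithm
    ValidityPeriod      = 'Years'
    ValidityPeriodUnits = $ValidityYears
    Force               = $true
}
Install-AdcsCertificationAuthority @caParams
Install-AdcsWebEnrollment -Force

# Step (12): confirm the service runs and the CA certificate meets the key-length requirement.
$svc = Get-Service -Name CertSvc
if ($svc.Status -ne 'Running') { throw "CertSvc is $($svc.Status), expected Running." }

$caCert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "CN=$CaName*" } | Select-Object -First 1
if (-not $caCert) { throw "No certificate for $CaName found in LocalMachine\My." }

$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($caCert)
if ($rsa.KeySize -lt $KeyLength) { throw "CA key is $($rsa.KeySize) bits, below $KeyLength." }

"{0}: {1}-bit RSA, signed with {2}, valid until {3:yyyy-MM-dd}" -f `
    $CaName, $rsa.KeySize, $caCert.SignatureAlgorithm.FriendlyName, $caCert.NotAfter
```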
References
Microsoft Docs: Install the Certification Authority
Associated blog post
Due to space reasons, please refer to the installation, configuration and management of the Active Directory Certificate Services certification authority: