How to Install Active Directory Certificate Services

Active Directory Certificate Services (AD CS) is an Identity and Access Control security technology that provides customizable services for creating and managing public key certificates used in software security systems that employ public key technologies.

In this article, we will learn about how to install AD Certificate Services.

To install CA (Certification Authority) follow steps below:

  1. Log in to Server where you want to install CA and open Server Manager, click Roles and then click Add Roles.


2.The Before You Begin page click Next:


3. On the Select Server Roles page, in Roles, select Active Directory Certificate Services, and then click Next.


4.  Take a look information about certificate services and click Next:


5. On the Select Role Services page, in Role services, verify that Certification Authority and Certification Authority Web Enrollment is selected, and add required Role services and  then click Next:


6. On the Specify Setup Type page, verify that Enterprise is selected, and then click Next:


7.On the Specify CA Type page, verify that Root CA is selected, and then click Next:


8. On the Set Up Private Key page, verify that Create a new private key is selected, and then click Next:


9. On the Configure Cryptography for CA page, keep the default settings for CSP (RSA#Microsoft Software Key Storage Provider) and hash algorithm (sha1), and determine the best key character length for your deployment. Large key character lengths provide optimal security; however, they can impact server performance. It is recommended that you keep the default setting of 2048 or, if you deem it appropriate for your deployment, reduce Key character length to 1024. Click Next.


10. On the Configure CA Name page, keep the suggested common name for the CA or change the name according to your requirements, and then click Next:


11. On the Set Validity Period page, in Select validity period for the certificate generated for this CA, type the number and select a time value (Years, Months, Weeks, or Days). The default setting of five years is recommended. Click Next:


12. On the Configure Certificate Database page, in Certificate database location and Certificate database log location, specify the folder location for these items. If you specify locations other than the default locations, ensure that the folders are secured with access control lists (ACLs) that prevent unauthorized users or computers from accessing the CA database and log files.


13. Click Next,


14. On the Select Role Services page click Next:


15. Click Install: 


16. Click Close:


The installation is done. Go to Administrative Tools > Certification Authority to open the Management Console for the Certificate Services:


Open a browser and type http://Servername/certsrv and you can see CA Web Enrollment :



Add Comment