The following post, the first in a series of posts, details the installation and configuration of a Windows 2012R2 Enterprise CA to be used with a VMware Infrastructure Home Lab.
It is assumed at this stage that you have a single host installed and are running a Windows Domain controller.
As this is a home lab I have chosen to install the CA on to my Domain Controller rather than a dedicated server but if your environment is capable of running a dedicated CA VM then please do so.
The installation can be carried out either using a PowerShell script or by using the Microsoft Wizard. I have only documented the PowerShell method here but you can use the Wizard if you want instead.
Use the PowerShell script below to install the CA and Web Enrolment roles.
```powershell
Add-WindowsFeature ADCS-Cert-Authority, ADCS-Web-Enrollment
```
The PowerShell installation takes a couple of minutes. When it completes, click the warning and then the "Configure Active Directory Certificate Services on the destination server" link.
Choose the required user credentials and click Next
Tick the CA and Web Enrolment boxes and click Next
I went with the Enterprise CA for AD integration. Click Next
As this is the first CA we have to select it as the Root CA. Click Next
Click Next
Due to the fact that SHA1 is being deprecated, I have gone with SHA512 for the hashing algorithm. Click Next
Enter your Common name for the CA and click Next
I left this alone as a 5 year validity period due to the fact that this infrastructure won’t be here in 5 years' time. Click Next
Click Next
Check the details and click Configure
Click Close
To launch the CA Console go to Server Manager \ Tools \ Certification Authority
To confirm that the web enrolment page is working, open a browser and type in the name of the server followed by /certsrv (http://windc01/certsrv).
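The wizard choices above (Enterprise Root CA, SHA512, 5 year validity, Web Enrolment) can also be applied and then checked from PowerShell. This is an added example, not part of the original post; the CA common name is a placeholder, and the crypto provider and key length are assumptions because the post does not state them.

```powershell
# Added example: scripted equivalent of the wizard choices described in the post.
# Run in an elevated session on the server, as a member of Enterprise Admins.

$caCommonName = 'LAB-ROOT-CA'   # placeholder: use your own CA common name
$caHost       = 'windc01'       # server name taken from the post's certsrv URL

# Fail early if either role from the Add-WindowsFeature step is missing.
$missing = Get-WindowsFeature ADCS-Cert-Authority, ADCS-Web-Enrollment |
    Where-Object { -not $_.Installed }
if ($missing) { throw "Roles not installed: $($missing.Name -join ', ')" }

$caParams = @{
    CAType              = 'EnterpriseRootCA'   # Enterprise CA + Root CA
    CACommonName        = $caCommonName
    CryptoProviderName  = 'RSA#Microsoft Software Key Storage Provider'  # assumed
    KeyLength           = 2048                 # assumed, not stated in the post
    HashAlgorithmName   = 'SHA512'
    ValidityPeriod      = 'Years'
    ValidityPeriodUnits = 5
}

# Preview the change first, then configure the CA and the web enrolment role.
Install-AdcsCertificationAuthority @caParams -WhatIf
Install-AdcsCertificationAuthority @caParams -Force
Install-AdcsWebEnrollment -Force

# Verify: the CA service is running and signs with the chosen hash.
Get-Service CertSvc
certutil -getreg CA\CSP\CNGHashAlgorithm

# Verify: the CA certificate itself carries SHA512 and the expected expiry.
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "CN=$caCommonName*" } |
    Select-Object Subject, NotAfter,
        @{ Name = 'SignatureAlgorithm'; Expression = { $_.SignatureAlgorithm.FriendlyName } }

# Verify: the web enrolment page answers for the logged-on user (expect 200).
(Invoke-WebRequest "http://$caHost/certsrv/" -UseDefaultCredentials -UseBasicParsing).StatusCode
```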
In this post we covered installing the Windows 2012 R2 Root Certificate Authority on a Windows Domain Controller. In the next post we will cover the configuration of the VMware specific Certificate Template and how to distribute the CA Root certificate to your clients.

















