Installing an Enterprise Root CA on Windows 2012R2

The following post, the first in series of posts, details the installation and configuration of a Windows 2012R2 Enterprise CA to be used with a VMware Infrastructure Home Lab.

It is assumed at this stage that you have a single host installed and are running a Windows Domain controller.

As this is a home lab I have chosen to install the CA on to my Domain Controller rather than a dedicated server but if your environment is capable of running a dedicated CA VM then please do so.

The installation can be carried out either using a PowerShell script or by using the Microsoft Wizard. I have only documented the PowerShell method here but you can use the Wizard if you want instead.

Use the PowerShell script below to install the CA and Web Enrolment roles.

Add-WindowsFeature ADCS-Cert-Authority, ADCS-Web-Enrollment -IncludeManagementTools




The PowerShell installation takes a couple of minutes, when complete click the the warning to launch the Configure Active Directory Certificate Services on the destination server link.



Choose the required user credentials and click Next


Tick the CA and Web Enrolment boxes and click Next


I went with the Enterprise CA for AD integration. Click Next


As this is the first CA we have to select it as the Root CA. Click Next


Click Next


Leave the default settings and Click Next


Enter your Common name for the CA and click Next


I left this alone as a 5 Year validity period due to the fact that this infrastructure won’t be here in 5 years time. Click Next


Click Next


Check the details and click Configure



Click Close


To launch the CA Console go to Server Manager \ Tools \ Certification Authority


To confirm that the web enrolment page is working open a browser and type in the name of the server followed by /certsrv (http://windc01/certsrv).

In this post we covered installing the Windows 2012 R2 Root Certificate Authority on a Windows Domain Controller, in the next post we will cover the configuration of the VMware specific Certificate Template and how to distribute the CA Root certificate to your clients.

Leave a Reply

Your email address will not be published. Required fields are marked *