Installing an Enterprise Root CA on Windows 2012R2

The following post, the first in a series of posts, details the installation and configuration of a Windows 2012R2 Enterprise CA to be used with a VMware Infrastructure Home Lab.

It is assumed at this stage that you have a single host installed and are running a Windows Domain controller.

As this is a home lab, I have chosen to install the CA onto my Domain Controller rather than a dedicated server, but if your environment is capable of running a dedicated CA VM then please do so.

The installation can be carried out either using a PowerShell script or by using the Microsoft Wizard. I have only documented the PowerShell method here, but you can use the Wizard instead if you prefer.

Use the PowerShell script below to install the CA and Web Enrolment roles.

Add-WindowsFeature ADCS-Cert-Authority, ADCS-Web-Enrollment -IncludeManagementTools

The PowerShell installation takes a couple of minutes. When it completes, click the warning and launch the "Configure Active Directory Certificate Services on the destination server" link.

Choose the required user credentials and click Next

Tick the CA and Web Enrolment boxes and click Next

I went with the Enterprise CA for AD integration. Click Next

As this is the first CA we have to select it as the Root CA. Click Next

Click Next

Leave the default settings and click Next

Enter your Common name for the CA and click Next

I left this alone at a 5 year validity period, as this infrastructure won’t be here in 5 years' time. Click Next

Click Next

Check the details and click Configure

Click Close

To launch the CA Console go to Server Manager \ Tools \ Certification Authority

To confirm that the web enrolment page is working, open a browser and type in the name of the server followed by /certsrv (http://windc01/certsrv).
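
The wizard choices above (Enterprise CA, Root CA, default cryptography, 5 year validity, Web Enrolment) can also be scripted with the ADCSDeployment cmdlets and then checked from the same session. This is an added example, not part of the original post; the CA common name HomeLab-Root-CA is a placeholder, and windc01 is the server name used above.

```powershell
# Added example: scripted equivalent of the configuration wizard steps above.
# Run in an elevated session as an Enterprise Admin, after the roles are installed.
$caName = 'HomeLab-Root-CA'   # placeholder common name (assumption, not from the post)
$server = 'windc01'           # server name used in the post

Import-Module ADCSDeployment

# Enterprise + Root CA with a 5 year validity period. Cryptography parameters
# are omitted so the defaults are kept, as in the wizard walkthrough.
Install-AdcsCertificationAuthority `
    -CAType EnterpriseRootCA `
    -CACommonName $caName `
    -ValidityPeriod Years `
    -ValidityPeriodUnits 5 `
    -Force

# Web Enrolment role service (serves the /certsrv pages).
Install-AdcsWebEnrollment -Force

# Check 1: the CA service is running.
$svc = Get-Service -Name CertSvc
if ($svc.Status -ne 'Running') { throw "CertSvc is $($svc.Status)" }

# Check 2: the CA certificate exists and is self-signed, as a root must be.
$caCert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "CN=$caName*" } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $caCert) { throw "No certificate with CN=$caName in LocalMachine\My" }
if ($caCert.Subject -ne $caCert.Issuer) { throw 'CA certificate is not self-signed' }

# Check 3: the web enrolment page answers for the logged-on user.
$resp = Invoke-WebRequest -Uri "http://$server/certsrv" `
    -UseDefaultCredentials -UseBasicParsing

# Summary of what was verified.
[pscustomobject]@{
    Service    = $svc.Status
    Subject    = $caCert.Subject
    Thumbprint = $caCert.Thumbprint
    NotAfter   = $caCert.NotAfter
    CertSrv    = $resp.StatusCode
}
```

NotAfter in the summary should fall about 5 years after the install date, and CertSrv should read 200.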

In this post we covered installing the Windows 2012 R2 Root Certificate Authority on a Windows Domain Controller. In the next post we will cover the configuration of the VMware specific Certificate Template and how to distribute the CA Root certificate to your clients.
