Creating a Certificate Authority on Windows Server 2012

In this tutorial we will be setting up a Certificate Authority (CA) on a domain controller running Server 2012. In this lab the functional levels of the domain and forest are set to 2012.

Install the CA Role

  1. Begin by logging into your server using a domain admin account.
  2. From the Server Manager dashboard, click “Add roles and features”.
  3. Click NEXT
  4. At installation type, accept the default value and click NEXT.
  5. At the server selection prompt accept the default and click NEXT.
  6. At the server roles prompt, select Active Directory Certificate Services. You will then be prompted to install additional tools. At this prompt click Add Features. Then click NEXT.
  7. Click NEXT at the following prompt.
  8. At the role services prompt select the features you wish to install. You may be asked to install additional prerequisites. If so, click Add Features. In this lab I am installing all role services.
  9. Once you have selected your role services, click NEXT.
  10. Click NEXT at the following two prompts.
  11. Finally, at the last prompt check “Restart the destination server automatically if required” and then click Install.
  12. After the installation has finished and your server has been restarted, you may configure the CA.

Configuration

  1. After the installation is complete you will see a notification in Server Manager. Select the item labeled Post-Deployment Configuration.
  2. At the credentials prompt, click NEXT.
  3. At the Role Services prompt, select the first three role services listed. After making your selections, click NEXT.
  4. Click NEXT at the setup type prompt.
  5. Click NEXT at the CA Type prompt to accept the default of Root CA.
  6. Click NEXT at the Private Key prompt to accept the default of Create new private key.
  7. Click NEXT on the CA Name prompt to accept the defaults. Otherwise input your desired common name.
  8. Define the length of your desired validity period. The default is 5 years. Click NEXT.
  9. Accept the defaults for the Certificate database values unless you have a specific reason to store them elsewhere. Click NEXT.
  10. Verify your configuration and click Configure.
  11. After the configuration finishes, the wizard presents a results page.
  12. In my case, I was prompted to install additional role services. I clicked NO.

If you would like to test your configuration, you may point your browser to http://nameofserver/certsrv

Replace “nameofserver” with your server’s name.
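The same install, configuration and test can be scripted. The following PowerShell is an added example, not part of the original post. It assumes that the "first three" role services in the wizard are Certification Authority, Web Enrollment and Online Responder, that the default setup type on a domain-joined server is Enterprise CA, and it installs only those three role services rather than all of them.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell
# session as a domain admin on the Server 2012 machine.

# Phase 1: install the role services (the "Install the CA Role" steps).
# Assumption: only the three services that get configured later are installed.
$features = 'ADCS-Cert-Authority', 'ADCS-Web-Enrollment', 'ADCS-Online-Cert'
$result = Install-WindowsFeature -Name $features -IncludeManagementTools
if ($result.RestartNeeded -eq 'Yes') {
    Write-Warning 'Restart the server, then run this script again to continue.'
    return
}

# Phase 2: post-deployment configuration (the "Configuration" steps).
# Assumption: Enterprise setup type; Root CA, new private key, default CA
# name and a 5 year validity period match the defaults accepted in the wizard.
Import-Module ADCSDeployment
Install-AdcsCertificationAuthority -CAType EnterpriseRootCA `
    -ValidityPeriod Years -ValidityPeriodUnits 5 -Force
Install-AdcsWebEnrollment -Force
Install-AdcsOnlineResponder -Force

# Phase 3: verify the CA service and the web enrollment page.
$svc = Get-Service -Name CertSvc
if ($svc.Status -ne 'Running') {
    Write-Warning "CertSvc is $($svc.Status), expected Running."
}

# Same test as browsing to http://nameofserver/certsrv, using this server's name.
$url = "http://$env:COMPUTERNAME/certsrv/"
try {
    $resp = Invoke-WebRequest -Uri $url -UseDefaultCredentials -UseBasicParsing
    Write-Output "certsrv responded with HTTP $($resp.StatusCode)"
} catch {
    Write-Warning "certsrv check failed: $($_.Exception.Message)"
}
```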

I hope this helps those new to Server 2012. Let me know if you run into any issues or if you have any recommended configuration changes.
