Part 2 – Set up a CA server and deploy PKI (Public Key Infrastructure) certificates for SCCM 2012
Build an Offline Standalone Root CA (Certificate Authority)
Log in to a server running Windows Server 2012 that is not connected to the network and is not joined to the domain.
We need to add the Active Directory Certificate Services role. Go to Server Manager and click Add roles and features.
On the Server Roles page, select Active Directory Certificate Services and click Next.
On the Role Services page, select Certification Authority and click Next.
Click Install.
Once the installation has completed, we need to configure the certificate service. Click Configure Active Directory Certificate Services on the destination server.
Click Next.
Select Certification Authority and click Next.
Select Standalone CA and click Next.
The Enterprise CA option is disabled by default because this server is not part of a domain.
Select Root CA and click Next.
Select Create a new private key, then set the key length to 4096, the CA name to ROOTCA, and the validity period to 5 years.
The Offline Standalone Root CA configuration is now complete.
After the installation, the following files are placed in c:\windows\system32\Certsrv\CertEnroll:
Trusted Root Certificate: ROOTCA_ROOTCA.crt
Certificate Revocation List: ROOTCA.crl (which contains the list of revoked certificates)
We need to export these files and import them into the Subordinate CA. I will cover this in the next post.
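The wizard steps above can also be scripted. The following PowerShell is an added example, not part of the original post: it uses the built-in AD CS deployment cmdlets with the values chosen above (ROOTCA, 4096-bit key, 5 years), leaves the crypto provider and hash algorithm at their defaults as an assumption, and then checks the files published in CertEnroll.

```powershell
# Added example: scripted equivalent of the wizard steps in this post.
# Run in an elevated PowerShell session on the offline Windows Server 2012 host.

# The root CA is meant to be standalone: stop if the host is domain-joined.
if ((Get-WmiObject Win32_ComputerSystem).PartOfDomain) {
    throw 'This server is domain-joined; the offline root CA must not be.'
}

# Add the AD CS role with only the Certification Authority role service.
Install-WindowsFeature -Name ADCS-Cert-Authority -IncludeManagementTools

# Configure a standalone root CA with the values selected in the wizard.
# Crypto provider and hash algorithm are left at their defaults (assumption).
Install-AdcsCertificationAuthority `
    -CAType StandaloneRootCA `
    -CACommonName 'ROOTCA' `
    -KeyLength 4096 `
    -ValidityPeriod Years `
    -ValidityPeriodUnits 5 `
    -Force

# Verify what was published to CertEnroll before exporting anything.
$enroll = Join-Path $env:SystemRoot 'System32\CertSrv\CertEnroll'

Get-ChildItem -Path (Join-Path $enroll '*') -Include *.crt | ForEach-Object {
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $_.FullName
    New-Object PSObject -Property @{
        File       = $_.Name
        Subject    = $cert.Subject
        SelfSigned = ($cert.Subject -eq $cert.Issuer)   # a root CA signs itself
        KeySize    = $cert.PublicKey.Key.KeySize         # expect 4096
        NotAfter   = $cert.NotAfter                      # expect about 5 years out
        Thumbprint = $cert.Thumbprint                    # record for later comparison
    }
}

# Dump each CRL to confirm its issuer and its Next Update date.
Get-ChildItem -Path (Join-Path $enroll '*') -Include *.crl | ForEach-Object {
    certutil -dump $_.FullName
}
```

Recording the thumbprint here lets you confirm, after the files are copied off the offline server, that the certificate imported elsewhere is the one this CA issued to itself.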