
Part 2 – Set up a CA server and deploy PKI (Public Key Infrastructure) certificates for SCCM 2012

Build an Offline Standalone Root CA (Certificate Authority)

Log in to the server running Windows Server 2012, which is not connected to the network or joined to the domain.

We need to add the Active Directory Certificate Services role. Go to Server Manager and click Add roles and features.

On Server roles page, Select Active Directory Certificate Services and Click Next.


Select Certification Authority on the role services page and click Next.


Click Install.


The installation is complete; next we need to configure the certificate service. Click Configure Active Directory Certificate Services on the destination server.


Click Next.


Select Certification Authority and click Next.


Select Standalone CA and click Next.

The Enterprise CA option is disabled by default because this server is not part of a domain.


Select Root CA and click Next.

Select Create a new private key, then set Key length to 4096, the CA name to ROOTCA, and the Validity period to 5 Years.





The Offline Standalone Root CA configuration is complete.


After the installation, the following files are placed in c:\windows\system32\Certsrv\CertEnroll:

Trusted Root Certificate : ROOTCA_ROOTCA.crt

Certificate Revocation List : ROOTCA.crl (which contains the list of revoked certificates)
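
The same wizard choices can be scripted with the ADCS deployment cmdlets and then checked against the published files. This is an added example, not part of the original post; it assumes an elevated PowerShell session on the offline server and the file names listed above.

```powershell
# Added example: scripted equivalent of the wizard choices described in this post.

# Role: Active Directory Certificate Services, role service: Certification Authority
Install-WindowsFeature -Name ADCS-Cert-Authority -IncludeManagementTools

# Standalone CA, Root CA, new private key, 4096-bit key, CA name ROOTCA, 5 years
Install-AdcsCertificationAuthority `
    -CAType StandaloneRootCA `
    -CACommonName 'ROOTCA' `
    -KeyLength 4096 `
    -ValidityPeriod Years `
    -ValidityPeriodUnits 5 `
    -Force

# Files the post says are published after installation
$certEnroll = Join-Path $env:SystemRoot 'System32\CertSrv\CertEnroll'
$crtPath    = Join-Path $certEnroll 'ROOTCA_ROOTCA.crt'
$crlPath    = Join-Path $certEnroll 'ROOTCA.crl'

foreach ($path in $crtPath, $crlPath) {
    if (-not (Test-Path $path)) { throw "Expected file not found: $path" }
}

# Load the published root certificate and compare it with the wizard settings
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $crtPath
$lifetimeDays = ($cert.NotAfter - $cert.NotBefore).TotalDays

$checks = [ordered]@{
    'Self-signed (subject equals issuer)' = ($cert.Subject -eq $cert.Issuer)
    'Subject contains CN=ROOTCA'          = ($cert.Subject -match '(^|,\s*)CN=ROOTCA(,|$)')
    'Public key is 4096 bits'             = ($cert.PublicKey.Key.KeySize -eq 4096)
    'Validity is about 5 years'           = ($lifetimeDays -ge 1825 -and $lifetimeDays -le 1828)
}

$failed = @($checks.GetEnumerator() | Where-Object { -not $_.Value })
$checks.GetEnumerator() | Format-Table -AutoSize Name, Value
if ($failed.Count -gt 0) { throw "Root CA certificate does not match the intended settings." }

# Record these values so the copies imported elsewhere can be compared with them.
"Root certificate thumbprint: $($cert.Thumbprint)"
certutil -hashfile $crtPath SHA256
certutil -hashfile $crlPath SHA256
```

Because the root CA is offline, the files leave the server on removable media; comparing the recorded thumbprint and hashes on the receiving server confirms that the copies match what the root CA published.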

Next, we need to export these files and import them into the Subordinate CA. I will cover this in the next post.

