
Part 2 – Set up a CA server and deploy PKI (Public Key Infrastructure) certificates for SCCM 2012


Build an Offline Standalone Root CA (Certificate Authority)

Log in to the server running Windows Server 2012 that is not connected to the network or joined to the domain.

We need to add the Active Directory Certificate Services role. Open Server Manager and click Add Roles and Features.

On the Server Roles page, select Active Directory Certificate Services and click Next.

On the Role Services page, select Certification Authority and click Next.

Click Install.


Once the installation has completed, the certificate service needs to be configured. Click Configure Active Directory Certificate Services on the destination server.

Click Next.


Select Certification Authority and click Next.

Select Standalone CA and Click Next.

The Enterprise CA option is disabled because this server is not part of a domain.

Select Root CA and click Next.

Select Create a new private key, then set the key length to 4096, the CA name to ROOTCA, and the validity period to 5 years.


Offline Standalone Root CA Configuration is completed.

After the installation, the following files are placed in c:\windows\system32\Certsrv\CertEnroll:

Trusted Root Certificate: ROOTCA_ROOTCA.crt

Certificate Revocation List: ROOTCA.crl (which contains the list of revoked certificates)

These files need to be exported and imported into the subordinate CA. I will cover this in the next post.
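
The same build can be scripted. The following is an added example, not part of the original post: it uses the `Install-WindowsFeature` and `Install-AdcsCertificationAuthority` cmdlets with the values chosen in the wizard, then checks the two published files and prints their SHA-256 hashes so they can be compared after transfer to the subordinate CA. Leaving every setting the post does not mention (hash algorithm, crypto provider) at the cmdlet defaults is an assumption.

```powershell
# Added example: scripted equivalent of the wizard steps above.
# Run in an elevated PowerShell session on the offline server.

# Add the AD CS role with the Certification Authority role service.
Install-WindowsFeature -Name ADCS-Cert-Authority -IncludeManagementTools

# Configure a standalone root CA with the values chosen in the wizard:
# new private key, 4096-bit key, CA name ROOTCA, 5-year validity.
# Settings not stated in the post are left at the cmdlet defaults (assumption).
Install-AdcsCertificationAuthority `
    -CAType StandaloneRootCA `
    -CACommonName 'ROOTCA' `
    -KeyLength 4096 `
    -ValidityPeriod Years `
    -ValidityPeriodUnits 5 `
    -Force

# Files the CA publishes after configuration (names as given in the post).
$enroll = 'C:\Windows\System32\CertSrv\CertEnroll'
$crt = Join-Path $enroll 'ROOTCA_ROOTCA.crt'
$crl = Join-Path $enroll 'ROOTCA.crl'

foreach ($f in $crt, $crl) {
    if (-not (Test-Path $f)) { throw "Missing file: $f" }
}

# Sanity-check the root certificate before exporting it:
# a root CA certificate is self-signed, so Subject and Issuer must match.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $crt
if ($cert.Subject -ne $cert.Issuer) { throw 'Root certificate is not self-signed' }
if ($cert.PublicKey.Key.KeySize -ne 4096) { throw 'Unexpected key length' }
"Subject   : $($cert.Subject)"
"Thumbprint: $($cert.Thumbprint)"
"Valid to  : $($cert.NotAfter)"

# Record SHA-256 hashes of both files; recompute them on the subordinate CA
# after the copy and compare, since the transfer happens over removable media.
foreach ($f in $crt, $crl) {
    certutil -hashfile $f SHA256
}
```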
