Skip to main content
This section explains how to associate the signed AD CS certificate with its corresponding private key stored in your Windows account profile. Before making this association, you must import the CA certificate that issued the AD CS certificate into the Trusted Root Certification AuthoritiesWindows Certificate Store.

Import the CA Certificate

Perform the following steps to import the CA Certificate that issued the AD CS Certificate into the Trusted Root Certification Authorities Store:
1
On the computer where you plan to install Microsoft AD CS, open the Manage computer certificates program.
2
Right-click the Trusted Root Certification Authorities store and select All Tasks > Import.
3
Follow the steps in the Certificate Import Wizardto import the Root CA certificate file that you exported from the KMES and moved to this computer in the previous section.
A confirmation message displays if the import succeeds.

Associate the certificate with its key

Perform the following steps to associate the signed AD CS certificate with its corresponding private key stored in your Windows account profile:
1
Open either the command prompt or PowerShell.
2
Go to the directory where you saved the signed AD CS certificate file.
3
Run the following command to create an association between the signed AD CS certificate and its corresponding key pair stored in your Windows account profile:
Powershell
certreq -accept -machine signed_adcs_cert.pem
If the command succeeds, information about the installed certificate displays.