Configure Active Directory Certificate Services
A new installation of Active Directory Certificate Services (ADCS) needs to be configured with a Public Key Infrastructure (PKI).
If Active Directory is not already installed, please do so before proceeding, unless this is a standalone CA.
1. Click Start > Administrative Tools > Server Manager. Select the flag icon to the left of Manage.
2. Select Configure Active Directory Certificate Services on the destination.
3. The Credentials page will open. Ensure your login meets the displayed requirements. Click [ Next ].
4. The Select Role Services page will open. Select Certification Authority to enable the management and issuance of certificates. Click [ Next ].
5. The Specify Setup Type page will open. The type designates the kind of certificate authority server and depends on your business requirements. Select either Enterprise or Standalone. Enterprise CAs are integrated with Active Directory, while standalone CAs conduct operations offline.
6. The Specify CA Type page will open. Click Root or Subordinate. Select Root if you have not yet created a PKI. Select Subordinate if you are integrating with an existing PKI. Click [ Next ].
7. The Set Up Private Key page will open. Select Use existing private key or Create a new private key.
   - Select Use existing private key if you have integrated this CA with the hardware previously and the private key already exists on the (for example, this is a reinstallation of the CA server). Then, choose Select an existing private key on this computer.
   - If this is a new CA, select Create a new private key.
8. If Create a new private key was selected:
   - The Configure Cryptography for CA window will open. Choose Futurex FXCL KMES CNG from the drop-down menu.
   - Select a key character length: 2048, 3072, or 4096.
   - Select one of the following hash algorithms from the drop-down menu: SHA-1, SHA-256, or SHA-512.
   - Checking Allow administrator interaction when the private key is accessed by the CA has no effect.
   - Select [ Next ].
9. If Use existing private key was selected:
   - The Existing Key window will open. Change the Cryptographic provider to Futurex FXCL KMES CNG.
   - Clear the common name field. Select [ Search ]. Locate the key you want to use from the search results.
   - Checking Allow administrator interaction when the private key is accessed by the CA has no effect.
   - Select [ Next ].
10. In the CA Name page, configure your PKI names and select [ Next ].
11. If you selected Root CA in step 6, the Set the Certificate Validity Period page opens. Enter the default validity for the root CA and select [ Next ].
12. If you selected Subordinate CA in step 6, the Certificate Request page opens. You can choose one of the following options:
    - Choose a parent CA instance of AD CS on your domain to issue you a certificate.
    - Save a certificate request to file and have it signed by an external CA.
13. In the Certificate Database page, select [ Next ].
14. In the Confirmation page, select [ Configure ].
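A post-configuration check, added here as an example and not taken from the vendor or Microsoft documentation: it confirms that the CA's signing key is bound to the provider chosen in the wizard rather than a software key store, and flags SHA-1 if it was selected as the CA hash. The registry layout under CertSvc\Configuration is assumed to be that of a default AD CS installation, and the provider string is the one shown in the steps above.

```powershell
# Added example (not vendor code). Run elevated on the CA server after the wizard finishes.
$ExpectedProvider = 'Futurex FXCL KMES CNG'   # provider name as selected in the wizard
$WeakHashes       = @('SHA1', 'MD5')          # hashes that should not sign CA output

# 1. The provider must be registered; certutil -csplist enumerates installed CSPs and KSPs.
$registered = (certutil.exe -csplist) -join "`n"
if ($registered -notmatch [regex]::Escape($ExpectedProvider)) {
    throw "Provider '$ExpectedProvider' is not registered on this server."
}

# 2. Read the provider and hash the CA service is actually configured to use.
#    Assumption: default AD CS registry layout under CertSvc\Configuration.
$cfgRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
$caName  = (Get-ItemProperty -LiteralPath $cfgRoot).Active
$csp     = Get-ItemProperty -LiteralPath (Join-Path $cfgRoot "$caName\CSP")

$findings = @()
if ($csp.Provider -ne $ExpectedProvider) {
    $findings += "CA key provider is '$($csp.Provider)', expected '$ExpectedProvider'."
}
if ($WeakHashes -contains $csp.CNGHashAlgorithm) {
    $findings += "CA hash is $($csp.CNGHashAlgorithm); SHA-256 or SHA-512 is preferred."
}

# 3. Confirm the CA certificate's private key is reachable through the provider.
certutil.exe -verifykeys | Out-Null
if ($LASTEXITCODE -ne 0) {
    $findings += "certutil -verifykeys failed (exit code $LASTEXITCODE)."
}

if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Output "CA '$caName' uses '$($csp.Provider)' with $($csp.CNGHashAlgorithm)."
```

A non-zero exit with a provider mismatch means the CA key was generated outside the hardware-backed provider and the CA should be reconfigured before it issues certificates.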
For more information on installing and configuring Active Directory Certificate Services, see the Microsoft documentation.