Configure Active Directory Certificate Systems

now, you must configure a new installation of active directory certificate services (adcs) with a public key infrastructure (pki) if you have not installed active directory, do that before proceeding, unless this is a standalone ca select start > administrative tools > server manager select the flag icon to the left of manage select configure active directory certificate services on the destination on the credentials page, ensure your login meets the displayed requirements select \[ next ] on the select role services page, select certification authority to enable the management and issuance of certificates select \[ next ] on the specify setup type page, the type designates the kind of certificate authority server and depends on your business requirements select either enterprise or standalone enterprise cas integrate with active directory, while standalone cas conduct operations offline on the specify ca type page, select root or subordinate select root if you have not yet created a pki select subordinate if you are integrating with an existing pki select \[ next ] on the set up private key page, select use existing private key or create a new private key if you have integrated this ca with the {{futurex}} hardware previously and the private key already exists on the {{ch}} (for example, this is a reinstallation of the ca server), select use existing private key then, choose select an existing private key on this computer if this is a new ca, select create a new private key if create a new private key was selected on the configure cryptography for ca window, choose futurex fxcl kmes cng from the drop down menu select a key character length 2048 , 3072 , or 4096 select one of the following hash algorithms from the drop down menu sha 1 , sha 256 , or sha 512 checking allow administrator interaction when the private key is accessed by the ca has no effect select \[ next ] if use existing private key was selected in the existing key window, change the cryptographic provider to futurex fxcl kmes cng clear the common name field select \[ search ] locate the key you want to use from the search results checking allow administrator interaction when the private key is accessed by the ca has no effect select \[ next ] in the ca name page, configure your pki names and select \[ next ] if you selected root ca in step 6, the set the certificate validity period page opens enter the default validity for the root ca and select \[ next ] if you selected subordinate ca in step 6, the certificate request page opens you can choose one of the following options choose a parent ca instance of ad cs on your domain to issue you a certificate save a certificate request to a file, and have it signed by an external ca in the certificate database page, select \[ next ] in the confirmation page, select \[ configure ] for more information on installing and configuring active directory certificate services, see the microsoft documentation https //learn microsoft com/en us/windows server/networking/core network guide/cncg/server certs/install the certification authority