Windows Practice: Use Active Directory Certificate Services

On the next page, select the setup type. Select the Enterprise (recommended) option here, because the first CA (certification authority) you install is a root CA. With this selection, the CA is also integrated into Active Directory, which causes the certification authority to distribute its certificate to all servers and client computers on the network.

On the next page of the wizard, you specify the type of certification authority. If possible, select Root CA (recommended) for the first installation. When installing a certification authority for the first time, choose to create a new private key, because no key exists for this certification authority yet. On the next page of the wizard, you specify the cryptographic settings used to issue certificates. Leave the defaults here if possible.

On the next page, you define the name of the new certification authority. Choose a suitable name for the first root certification authority in the company. You then set the validity period for the certificates and complete the configuration. The certificates are available once the certificate services have been installed.

After the installation, you can use the administration program under Start / Administrative Tools / Certification Authority to check whether the installation was successful. The server should be displayed with a green check mark in the administration interface.

If you also selected the Certification Authority Web Enrollment role service during the installation, the web interface of the certification authority is available at https://<servername>/certsrv. This website should open without errors after authentication.

There is also the additional tool PKIView with which the general status of the certification authority can be checked very quickly. If the tool finds errors, these are displayed in a console. The quickest way to start the tool is to enter

All member computers in a domain automatically trust an internal root certification authority of the Enterprise type. The certificate of this certification authority is placed in the Trusted Root Certification Authorities certificate store on the client computers and member servers. For the server to be able to issue certificates without errors, it must be a member of the Cert Publishers group. This group is located in the Users container.

The most important data of the Active Directory Certificate Services can be backed up. From the CA's context menu in the management console, select All Tasks / Back up CA. This starts the wizard that backs up the certification authority and its data. On the next page of the wizard, select which items should be backed up and where the backup will be saved. Then assign a password for the backup so that nobody else has access to the data. Data can be restored in the same way.
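
The same sequence (install an Enterprise root CA with a new key and default cryptography, verify it, check the Cert Publishers membership, take a password-protected backup) can be scripted. This is an added example, not part of the original article; the CA name, the five-year validity period and the backup path are constructed values, and the membership check assumes the ActiveDirectory PowerShell module is installed on the server.

```powershell
#Requires -RunAsAdministrator
# Constructed example values, not taken from the article.
$caName    = 'Example-Root-CA'
$backupDir = 'D:\CABackup'

# 1. Add the CA role and the Web Enrollment role service with their consoles.
Install-WindowsFeature ADCS-Cert-Authority, ADCS-Web-Enrollment -IncludeManagementTools

# 2. Configure an Enterprise root CA. No existing certificate is supplied, so a
#    new private key is created; no cryptographic parameters are passed, so the
#    defaults are kept, as the article recommends.
Install-AdcsCertificationAuthority -CAType EnterpriseRootCA `
    -CACommonName $caName `
    -ValidityPeriod Years -ValidityPeriodUnits 5 `
    -Force
Install-AdcsWebEnrollment -Force

# 3. Verify that the CA service is running and answers requests.
$svc = Get-Service -Name CertSvc
if ($svc.Status -ne 'Running') {
    throw "CertSvc is $($svc.Status); check the event log before continuing."
}
certutil -ping
if ($LASTEXITCODE -ne 0) {
    throw "certutil -ping failed with exit code $LASTEXITCODE."
}

# 4. The CA's computer account must be a member of Cert Publishers.
Import-Module ActiveDirectory
$caAccount = "$env:COMPUTERNAME`$"
$members = Get-ADGroupMember -Identity 'Cert Publishers' |
    Select-Object -ExpandProperty SamAccountName
if ($members -notcontains $caAccount) {
    Write-Warning "$caAccount is not a member of Cert Publishers."
}

# 5. Back up the CA database and private key. The password is read
#    interactively so it never appears in the script or shell history.
$backupPassword = Read-Host -AsSecureString -Prompt 'Backup password'
Backup-CARoleService -Path $backupDir -Password $backupPassword
```

The backup contains the CA's private key, so store it offline or on a volume with restricted access, and keep the password separately from the backup files.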