Install Certificate Authority on Windows Server 2012 R2  

Active Directory Certificate Services provides a customizable set of services that allows you to issue and manage public key infrastructure (PKI) certificates. Certificates are electronic representations of users, computers, network devices, or services, issued by a certification authority that is associated with a public and private key pair.

Certificate Authority receives a certificate request, verifies the requester’s identity data according to the policy of the CA, and uses its private key to apply its digital signature to the certificate. The certificate authority can be a third-party issuer, such as VeriSign, every CA also has a certificate confirming its identity, issued by another trusted CA or root CAs.

All certificates issued by a certification authority have a validity period. The validity period is a time range that specifies how long public key infrastructure clients can accept the certificate as an authoritative credential based on the identity stated in the subject of the certificate.

Enterprise Certificate Authorities

Enterprise certificate authorities publish certificates and certificate revocation lists to Active Directory. Enterprise CAs engaged certificate templates when issuing certificates.

Stand-alone certificate authorities

Stand alone certificate authorities are not integrated into Active Directory and do not support certificate templates. If you deploy stand-alone CAs, you must include all the information about the requested certificate type in the certificate request. CA can issue certificates automatically upon request, but this is not recommended because the requests are not authenticated.

Root Certificate Authorities

A root CA, sometimes called a root authority, is the only CA that signs its own certificate. The physical security and the certificate issuance policy of a root CA should be tightly reinforced.

Subordinate Certificate Authorities

Subordinate CAs normally issue certificates for specific purposes, such as secure email, SSL, Wireless 801.x security, or smart card authentication.

1. Open Server Manager – Manage – Click Add Roles and Features option.


2. Add Roles and Features Wizard option, Click Next.


3. Select Role-based or feature based installation.


4. Select Active Directory Certificate Services option and then Click Next.



5. Active Directory Certificate Services option appear, Click Next.


6. Choose Certification Authority option


7. Click Install to Proceed.


8. After Completing the procedure, Click on close option.


Related Articles: