- Log in to the Active Directory Domain Controller as the Domain Administrator
- Open the Server Manager.
- Right-click the Computer icon and select Manage.
- Expand Server Manager, select Roles, and click Add Roles.
The Add Roles page opens.
- Click Next.
The Select Server Roles page opens.
- Select Active Directory Certificate Services, and click Next.
The Introduction to Active Directory Certificate Services page opens informing you about the services.
- Click Next.
The Select Role Services page opens.
- Select Certification Authority, and click Next.
The Specify Setup Type page opens.
- Select Enterprise, and click Next.
The Specify CA Type page opens.
- Select Root CA, and click Next.
The Set Up Private Key page opens.
- Select Create a new private key, and click Next.
- Complete the following fields:
- Select RSA#Microsoft Software Key Storage Provider from the CSP drop-down list.
- Select 2048 from the Key character length drop-down list.
- Select SHA1 as the hash algorithm for signing certificates.
- Ensure the check box Allow administrator interaction when the private key is accessed by the CA is clear.
- Click Next.
The Configure CA Name page opens.
- Complete the following fields:
- Enter a name in the Common name for this CA field.
- Enter a suffix to the name in the Distinguished name suffix field.
- Preview the name in the Preview of distinguished name field.
- Click Next.
The Set Validity Period page opens.
- Set the validity period, and click Next.
- Complete the following fields:
- Verify or change the Certificate database location.
- Verify or change the Certificate database log location.
- Click Next.
The Confirm Installation Selections page opens.
- Verify the Active Directory Certificate Services setup, and click Install.
The Installation Results page opens.
- Verify that the installation has succeeded.
- Click Close to close the Add Role Wizard.
- Verify that the Server Manager now has an Active Directory Certificate Role.
- Close the Server Manager.
You have successfully added the active directory certification role to the Active Directory.