

How to Create an AD Certificate File

Follow these steps:

  1. Open a Command Prompt using the option Run as Administrator.
  2. Enter MMC and press Enter.

    The Microsoft Management Console opens.


  3. Select File from the toolbar, and then select Add/Remove Snap-in from the drop-down list.

    The Add or Remove Snap-ins wizard opens.


  4. Select Certificates in the Available snap-ins section, click Add to move it to the Selected snap-ins section, and then click OK.

    The Certificates snap-in page opens.


  5. Select Computer account and click Next.

    The Select Computer page opens.


  6. Select Local computer: (the computer this console is running on), and click Finish.

    The Add or Remove Snap-ins page opens. Certificates (Local Computer) is added to Selected snap-ins.


  7. Click OK. The Add or Remove Snap-ins wizard closes.
  8. Expand Certificates (Local Computer) in the Console.


  9. Expand Personal.
  10. Right-click Certificates, select All Tasks, and then select Request New Certificate.

    The Certificate Enrollment wizard opens.


  11. Read the instructions and click Next.

    The Select Certificate Enrollment Policy page opens.


  12. Verify that Active Directory Enrollment Policy is selected, and click Next.

    The Request Certificates page opens.


  13. Select Domain Controller and Domain Controller Authentication, and click Enroll.

    The Certificate Installation Results page opens.


  14. Verify that the status is Succeeded for both policies, and click Finish.
  15. Verify that there are three certificates under Certificates in the Console.
  16. Right-click the certificate with the Intended Purpose of <All>.
  17. Select All Tasks, and then select Export.

    The Certificate Export Wizard opens.

  18. Click Next to continue.


  19. Select the option No, do not export the private key, and click Next.


  20. Select DER encoded binary X.509 (.CER), and click Next.


  21. Browse and create a folder named Certificate (\Certificate).
  22. Name the certificate file to identify it (ASC-AD.cer) and click Next.

    The Completing the Certificate Export page opens.


  23. Verify the Certification Export information and click Finish.

    A success message opens.

  24. Click OK.
  25. Close the Microsoft Management Console.

    A save message opens.

  26. Click Yes and Save to save the Console.

    A Certification File (ASC-AD.cer) is created in the Certificate folder on the Domain Controller.

    Note: Copy the Certification File (ASC-AD.cer) to the CA Process Automation server.
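
Before copying the file, the export can be checked from a PowerShell prompt on the Domain Controller. The script below is an added example, not part of the original procedure; it assumes the \Certificate folder from step 21 was created on drive C:.

```powershell
# Added example: post-export checks for the file created in steps 16-23.
# Assumption: the \Certificate folder from step 21 is on drive C:.
$Path = 'C:\Certificate\ASC-AD.cer'
$X509 = [System.Security.Cryptography.X509Certificates.X509Certificate2]

# Step 19: the file must contain a certificate only. A Pfx (PKCS #12)
# content type would mean the private key was exported with it.
$type = $X509::GetCertContentType($Path)
if ($type -ne 'Cert') {
    throw "Expected content type Cert, found $type. Export again without the private key."
}

# Step 20: a DER file is binary ASN.1 and starts with a SEQUENCE tag (0x30).
# A Base-64 export starts with the text '-----BEGIN' instead.
$bytes = [System.IO.File]::ReadAllBytes($Path)
if ($bytes[0] -ne 0x30) {
    throw 'File is not DER encoded. Export again as DER encoded binary X.509 (.CER).'
}

# Load the exported file and confirm that no private key is attached to it.
$cert = New-Object -TypeName $X509.FullName -ArgumentList $Path
if ($cert.HasPrivateKey) {
    throw 'The exported file carries a private key.'
}

# The file must match a certificate under Certificates (Local Computer) > Personal.
$inStore = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
if (-not $inStore) {
    throw 'No certificate in the Personal store matches the exported file.'
}

# Record these values and compare them again after the copy in the Note above.
[pscustomobject]@{
    Subject    = $cert.Subject
    NotAfter   = $cert.NotAfter
    Thumbprint = $cert.Thumbprint
    FileSHA256 = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
}
```

Running `Get-FileHash` on the copied file on the CA Process Automation server should return the same SHA256 value.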