Considering that you have already installed Active Directory.
1. In the ‘Server Manager’, select Roles in the left pane, then Add Roles in the right pane. Place a check mark in the check box for Active Directory Certificate Services. Then click Next.
Active Directory Certificate Services
2. Select Certification Authority and Certification Authority Web Enrollment role service, click Next.
Select Role Service
3. Select Enterprise CA from Specify Setup Type then
Select Enterprise CA
Next.
4. From Specify CA type choose Root CA, Next
From Specify CA type choose Root CA
5. Setup Private key section choose Create a new private key, Next
Create a new private key
6. Configure cryptography for CA; leave default settings, Next
Configure Cryptography for CA
7. Configure CA name; here you can change common name for this CA as per your need or leave the default settings. It will generate according to your domain name and computer name.
common name for this CA
8. There are some dependencies to IIS web server, so select it to install and choose all roles services from iis, Next
9. Click install to start the installation process.
Confirm Installation
10. Installation result page will show you the result of the setup, click close to exit the Windows.
Installation result page
Installing Microsoft Active Directory Certificate Services in this way is very straightforward approach but useful for the beginner.
In my Next post Installing Certificate Enrollment Web Service i will cover how to install role services such as Certificate Enrollment Web Service to request Web server, User certificates to this CA through web.
