How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

      Comments Off on How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

If you need certificates for your internal websites, applications, wireless network or pilot lab test, having an internal enterprise authority server is a good choice. Today, I am going to show you how to deploy an Enterprise Authority root server on Microsoft Windows server 2019. This is the simple way to have a certificate service for Internal and easy to maintain but it maybe not a good best practice, if you need the certificate service is deployed securely, you need to consider deploying Two-Tier (or more) PKI Hierarchy (at least a Root CA server and a subordinate server), I will show you how to deploy them for future post.

  1. Login to windows server 2019 (this is a member server of domain) via member of enterprise admins.
  2. On the Server Manager page, click Manager and select Add Roles and Features.

    012420 2117 HowtoDeploy1 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  3. On the Before you begin page, click Next.

    012420 2117 HowtoDeploy2 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  4. On the Installation Type page, select Role-based or features-based installation, click Next.

    012420 2117 HowtoDeploy3 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  5. On the Server Selection page, select the CA server and click Next.

    012420 2117 HowtoDeploy4 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  6. On the Server Roles page, select Active Directory Certificate Services, click Next.

    012420 2117 HowtoDeploy5 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  7. On the Add Features that are required for Active Directory Certificate Services? page, click Add Features.

    012420 2117 HowtoDeploy6 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  8. Click Next on the Server Roles page.

    012420 2117 HowtoDeploy7 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  9. On the Features page, click Next.

    012420 2117 HowtoDeploy8 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  10. On the Active Directory Certificate Services page, click Next.

    012420 2117 HowtoDeploy9 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  11. On the Select role services page, select Certification Authority and Certification Authority Web Enrollment, click Next.

    012420 2117 HowtoDeploy10 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  12. On the Add features that are required for Certification Authority Web Enrollment? page, click Add Features.

    012420 2117 HowtoDeploy11 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  13. Click Next on the Select role services.

    012420 2117 HowtoDeploy12 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  14. On the Web Server Role (IIS) page, click Next.

    012420 2117 HowtoDeploy13 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  15. On the Select role services page, click Next.

    012420 2117 HowtoDeploy14 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  16. On the Confirm installation selections page, select Restart the destination server automatically if required, click Yes on the warning message.

    012420 2117 HowtoDeploy15 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  17. On the Confirm installation selections page, click Install.

    012420 2117 HowtoDeploy16 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  18. Click Configure Active Directory Certificate Services on the destination server after Features installation completed.

    012420 2117 HowtoDeploy17 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  19. On the Credentials page, make you select the credential is a member of local Administrators group and Enterprise Admins group, click Next.

    012420 2117 HowtoDeploy18 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  20. On the Role Services page, select Certification Authority and Certification Authority Web Enrollment, click Next.

    012420 2117 HowtoDeploy19 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  21. On the Setup Type page, select Enterprise CA, click Next.

    012420 2117 HowtoDeploy20 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  22. On the CA Type page, select Root CA, click Next.

    012420 2117 HowtoDeploy21 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  23. On the Private Key page, select Create a new private key (because this is no existing CA server), click Next.

    012420 2117 HowtoDeploy22 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  24. On the Cryptography for CA page, select 4096 as key length (windows server 2019 supports 4096 now) and select SHA256 as hash algorithm, click Next.

    012420 2117 HowtoDeploy23 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  25. On the CA Name page, keep the Default settings, click Next.

    012420 2117 HowtoDeploy24 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  26. On the Validity Period page, keep the default 5 years settings, click Next.

    012420 2117 HowtoDeploy25 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  27. On the CA Database page, click Next.

    012420 2117 HowtoDeploy26 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  28. On the Confirmation page, click Configure.

    012420 2117 HowtoDeploy27 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  29. On the Results page, make sure Configuration succeeded, click Close.

    012420 2117 HowtoDeploy28 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  30. On the Installation progress page, click Close.

    012420 2117 HowtoDeploy29 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  31. On the Server Manager page, select Tools and click Certification Authority.

    012420 2117 HowtoDeploy30 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  32. You will see the Certification Authority up and running now.

    012420 2117 HowtoDeploy31 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun

ca16fbd3199de5f66b829b87082fb970?s=80&d=retro&r=g - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

Author: Cary Sun

Cary Sun is an Principal Consultant, He has a strong background specializing in datacenter and deployment solutions, and has spent over 20 years in the planning, design, and implementation of network technologies and Management and system integration.He hold CISCO CERTIFIED INTERNETWORK EXPERT (CCIE No.4531) from 1997.Cary is also a Microsoft Most Valuable Professional (MVP) and Cisco Champion, He is a published author with serveral titles, include blogs on Checkyourlogs.net, author for many books. Specialties: CCIE /CCNA / MCSE / MCITP / MCTS / MCSA / Solution Expert / CCA
Blog:
http://www.carysun.com http://www.checkyourlogs.net
Twitter:@SifuSun

About Cary Sun

Cary Sun is an Principal Consultant, He has a strong background specializing in datacenter and deployment solutions, and has spent over 20 years in the planning, design, and implementation of network technologies and Management and system integration.He hold CISCO CERTIFIED INTERNETWORK EXPERT (CCIE No.4531) from 1997.Cary is also a Microsoft Most Valuable Professional (MVP) and Cisco Champion, He is a published author with serveral titles, include blogs on Checkyourlogs.net, author for many books. Specialties: CCIE /CCNA / MCSE / MCITP / MCTS / MCSA / Solution Expert / CCA Blog: http://www.carysun.com http://www.checkyourlogs.net Twitter:@SifuSun