Step-Step Guide To Install And Configure CA on Domain Controller - Day 2

How to Install CA on Domain Controller Day 2

🧩 Prerequisites

You must be logged in as a Domain Administrator or have equivalent privileges.

The server must be a Domain Controller.

Ensure the server has a static IP and proper DNS configuration.

Windows Server installation media (if requested during setup).

Server Manager or PowerShell access.

🏗️ Step 1: Add the AD CS Role
Using Server Manager

Open Server Manager → click Manage → Add Roles and Features.

Choose Role-based or feature-based installation → click Next.

Select your Domain Controller → click Next.

Under Server Roles, check Active Directory Certificate Services.

When prompted to add features, click Add Features.

Click Next through the wizard, then click Install.

⚙️ Step 2: Configure Active Directory Certificate Services (AD CS)

After the role installs:

In Server Manager, click the flag notification icon → Configure Active Directory Certificate Services on this server.

In the Credentials step, verify you are using a Domain Administrator account.

On the Role Services step, select:

Certification Authority

(Optional) Certification Authority Web Enrollment, if you want web-based certificate requests.

Click Next.

🧾 Step 3: Configure the CA

Setup Type: Choose Enterprise CA (integrates with AD).

CA Type: Choose Root CA (if this is your first CA).

Private Key: Choose Create a new private key.

Cryptography settings: Defaults (RSA, 2048-bit or higher) are usually fine.

CA Name: Leave default or customize.

Validity Period: Usually 5–10 years.

Database Locations: Leave default unless you have specific storage requirements.

Click Configure → wait for installation to complete.

✅ Step 4: Verify Installation

Open Certification Authority console (certsrv.msc).

Expand your CA name → verify Issued Certificates and Revoked Certificates containers exist.

Open a PowerShell prompt and test with:

certutil -ping


Check event logs: Applications and Services Logs → AD CS for errors or warnings.
🔔 Subscribe to my channel for more content
👉    / @learningcurve7206