December 14, 2024
012420_2117_HowtoDeploy31.png
If you need certificates for your internal websites, applications, wireless network or pilot lab test, having an internal enterprise authority server is a good choice. Today, I am going to show you how to deploy an Enterprise Authority root server on Microsoft Windows server 2019. This is the simple way to have a certificate service for Internal and easy to maintain but it maybe not a good best practice, if you need the certificate service is deployed securely, you need to consider deploying Two-Tier (or more) PKI Hierarchy (at least a Root CA server and a subordinate server), I will show you how to deploy them for future post.

If you need certificates for your internal websites, applications, wireless network or pilot lab test, having an internal enterprise authority server is a good choice. Today, I am going to show you how to deploy an Enterprise Authority root server on Microsoft Windows server 2019. This is the simple way to have a certificate service for Internal and easy to maintain but it maybe not a good best practice, if you need the certificate service is deployed securely, you need to consider deploying Two-Tier (or more) PKI Hierarchy (at least a Root CA server and a subordinate server), I will show you how to deploy them for future post.

  1. Login to windows server 2019 (this is a member server of domain) via member of enterprise admins.
  2. On the Server Manager page, click Manager and select Add Roles and Features.

    012420 2117 HowtoDeploy1 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  3. On the Before you begin page, click Next.

    012420 2117 HowtoDeploy2 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  4. On the Installation Type page, select Role-based or features-based installation, click Next.

    012420 2117 HowtoDeploy3 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  5. On the Server Selection page, select the CA server and click Next.

    012420 2117 HowtoDeploy4 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  6. On the Server Roles page, select Active Directory Certificate Services, click Next.

    012420 2117 HowtoDeploy5 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  7. On the Add Features that are required for Active Directory Certificate Services? page, click Add Features.

    012420 2117 HowtoDeploy6 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  8. Click Next on the Server Roles page.

    012420 2117 HowtoDeploy7 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  9. On the Features page, click Next.

    012420 2117 HowtoDeploy8 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  10. On the Active Directory Certificate Services page, click Next.

    012420 2117 HowtoDeploy9 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  11. On the Select role services page, select Certification Authority and Certification Authority Web Enrollment, click Next.

    012420 2117 HowtoDeploy10 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  12. On the Add features that are required for Certification Authority Web Enrollment? page, click Add Features.

    012420 2117 HowtoDeploy11 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  13. Click Next on the Select role services.

    012420 2117 HowtoDeploy12 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  14. On the Web Server Role (IIS) page, click Next.

    012420 2117 HowtoDeploy13 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  15. On the Select role services page, click Next.

    012420 2117 HowtoDeploy14 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  16. On the Confirm installation selections page, select Restart the destination server automatically if required, click Yes on the warning message.

    012420 2117 HowtoDeploy15 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  17. On the Confirm installation selections page, click Install.

    012420 2117 HowtoDeploy16 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  18. Click Configure Active Directory Certificate Services on the destination server after Features installation completed.

    012420 2117 HowtoDeploy17 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  19. On the Credentials page, make you select the credential is a member of local Administrators group and Enterprise Admins group, click Next.

    012420 2117 HowtoDeploy18 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  20. On the Role Services page, select Certification Authority and Certification Authority Web Enrollment, click Next.

    012420 2117 HowtoDeploy19 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  21. On the Setup Type page, select Enterprise CA, click Next.

    012420 2117 HowtoDeploy20 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  22. On the CA Type page, select Root CA, click Next.

    012420 2117 HowtoDeploy21 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  23. On the Private Key page, select Create a new private key (because this is no existing CA server), click Next.

    012420 2117 HowtoDeploy22 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  24. On the Cryptography for CA page, select 4096 as key length (windows server 2019 supports 4096 now) and select SHA256 as hash algorithm, click Next.

    012420 2117 HowtoDeploy23 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  25. On the CA Name page, keep the Default settings, click Next.

    012420 2117 HowtoDeploy24 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  26. On the Validity Period page, keep the default 5 years settings, click Next.

    012420 2117 HowtoDeploy25 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  27. On the CA Database page, click Next.

    012420 2117 HowtoDeploy26 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  28. On the Confirmation page, click Configure.

    012420 2117 HowtoDeploy27 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  29. On the Results page, make sure Configuration succeeded, click Close.

    012420 2117 HowtoDeploy28 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  30. On the Installation progress page, click Close.

    012420 2117 HowtoDeploy29 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  31. On the Server Manager page, select Tools and click Certification Authority.

    012420 2117 HowtoDeploy30 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

  32. You will see the Certification Authority up and running now.

    012420 2117 HowtoDeploy31 - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun

ca16fbd3199de5f66b829b87082fb970?s=80&d=retro&r=g - How to Deploy an Enterprise Certification Authority Root Server on Microsoft Server 2019

Author: Cary Sun

Cary Sun has a wealth of knowledge and expertise in data center and deployment solutions. As a Principal Consultant, he likely works closely with clients to help them design, implement, and manage their data center infrastructure and deployment strategies.
With his background in data center solutions, Cary Sun may have experience in server and storage virtualization, network design and optimization, backup and disaster recovery planning, and security and compliance management. He holds CISCO CERTIFIED INTERNETWORK EXPERT (CCIE No.4531) from 1999. Cary is also a Microsoft Most Valuable Professional (MVP), Microsoft Azure MVP, Veeam Vanguard and Cisco Champion. He is a published author with several titles, including blogs on Checkyourlogs.net, and the author of many books.
Cary is a very active blogger at checkyourlogs.net and is permanently available online for questions from the community. His passion for technology is contagious, improving everyone around him at what they do.

Blog site: https://www.checkyourlogs.net
Web site: https://carysun.com
Blog site: https://gooddealmart.com
Twitter: @SifuSun
in: https://www.linkedin.com/in/sifusun/
Amazon Author: https://Amazon.com/author/carysun