Windows Server 2008 Active Directory Certificate Services (AD CS) Explained
Windows Server 2008 Active Directory Certificate Services (AD CS) was known as Certificate Services in Windows Server 2003. In Server 2003, Certificate Services is installed from Add/Remove Windows Components. In Server 2008, Active Directory Certificate Services (AD CS) is installed from Add Roles. AD CS is a low-cost method of issuing digital certificates internally and maintaining a Certificate Authority (CA) infrastructure.
Active Directory Certificate Services Roles
- Enterprise root certification authority
This is the top-level, most trusted CA in an organization and should be installed before any other role. It should be highly protected because it is the most important role in the CA infrastructure.
- Enterprise subordinate certification authority
An Enterprise subordinate CA can be used to offload work from the Enterprise root CA. This CA can issue digital certificates internally, but it must first get its own certificate from the Enterprise root CA.
- Stand-alone root certification authority
As the name implies, this is a top-level CA that is independent of the Enterprise root CA. A Stand-alone root CA can be deployed for testing or for particular purposes.
- Stand-alone subordinate certification authority
As the name implies, this subordinate CA can be used to offload work from the Stand-alone root CA. This CA can issue digital certificates, but it must first get its own certificate from the Stand-alone root CA.
How to install Windows Server 2008 Active Directory Certificate Services (AD CS)
- Open Server Manager
- Click on Add Roles
- Click Next, choose “Active Directory Certificate Services”, click Next, click Next
- Choose the required role services.
- Choose Enterprise CA
- Choose Root CA
- Choose to create a new private key
- Choose the default private key encryption settings
- Choose the name of the CA, for example: Organization-RootCA
- Choose 5-year validity period.
- Choose the certificate database and log locations
- Confirm selections and click Install
After the Enterprise root CA is installed, it can be managed from the Certification Authority console: Start > All Programs > Administrative Tools > Certification Authority
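
A post-install check for the steps above, as an added example that is not part of the original article: this PowerShell script looks up the new root CA certificate in the CA server's Trusted Root store and reports anything that differs from the choices made in the wizard. The function name Test-RootCaCertificate and the key-length and hash thresholds are assumptions of this example; the CA name and the 5-year period are the article's example values.

```powershell
# Added example (not from the article). Run on the CA server after installation.
# Assumptions: CA name and validity period are the article's example values;
# the CA key is RSA; the 2048-bit and SHA-1/MD5 thresholds are this example's own.
param(
    [string]$CaName = 'Organization-RootCA',
    [int]$ExpectedYears = 5
)

function Test-RootCaCertificate {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [int]$ExpectedYears
    )
    $findings = @()

    # A root CA certificate is self-signed: subject and issuer are identical.
    if ($Cert.Subject -ne $Cert.Issuer) {
        $findings += "not self-signed (issuer: $($Cert.Issuer))"
    }
    # The lifetime should match the validity period chosen in the wizard.
    $years = [math]::Round(($Cert.NotAfter - $Cert.NotBefore).TotalDays / 365.25, 1)
    if ([math]::Abs($years - $ExpectedYears) -gt 0.1) {
        $findings += "validity is $years years, expected $ExpectedYears"
    }
    # Key length and signature hash come from the private key settings page.
    $bits = $Cert.PublicKey.Key.KeySize
    if ($bits -lt 2048) { $findings += "RSA key is only $bits bits" }
    $alg = $Cert.SignatureAlgorithm.FriendlyName
    if ($alg -match 'md5|sha1') { $findings += "signed with $alg" }
    # An expired root invalidates every certificate chained to it.
    if ($Cert.NotAfter -lt (Get-Date)) { $findings += "expired on $($Cert.NotAfter)" }
    return $findings
}

$roots = @(Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -like "CN=$CaName*" })
if ($roots.Count -eq 0) {
    Write-Warning "No certificate for CN=$CaName in LocalMachine\Root"
    return
}
foreach ($cert in $roots) {
    Write-Output "$($cert.Subject)  thumbprint $($cert.Thumbprint)"
    $findings = @(Test-RootCaCertificate -Cert $cert -ExpectedYears $ExpectedYears)
    if ($findings.Count -eq 0) { Write-Output '  OK: no findings' }
    foreach ($f in $findings) { Write-Warning "  $f" }
}
```

Record the thumbprint it prints when the CA is first built; comparing it later confirms that clients still trust the same root certificate.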