You install Certificate Services using the Windows Component Wizard. You can install the CA, the Web enrollment component, or both from the wizard. To complete the installation, follow these steps:
- Launch the Windows Component Wizard by opening Add/Remove Programs in the Control Panel. Then select the Add/Remove Windows Components option offered on the left side of the dialog box.
- When the wizard opens, select Certificate Services from the component list. The installer warns you that after the CA software is installed, you can’t change the name of the server or move it into or out of an Active Directory domain. If you have a server you want to use as the enterprise CA, make sure it is a member of the domain BEFORE you start. If the server will also be a domain controller, run dcpromo to promote it to a domain controller status before installing Certificate Services.
- If you want to install only one of the components (for example, if you want to set up a CA with no Web-enrollment capacity), click Details and clear any component you don’t want to install. Click Next.
- The CA Type page appears. Select the option that corresponds to the CA type you want: enterprise root, enterprise subordinate, stand-alone root, or stand-alone subordinate. (If your machine is not domain joined, your available selections will be limited). Select Stand-alone root CA. Click Next.
- The CA Identifying Information page appears. Type a common name for the CA. An example would be YourDomainCA. Type in the distinguished name suffix. An example would be DC=YourDomain,DC=local. By default, newly generated CA certificates are valid for five years; you can adjust that period in the Validity Period drop-down list. Click Next.
- Accept the default settings for Certificate Database Settings. Click Next.
- The installer will tell you to it must stop the service to complete the installation.
- When the wizard finishes the installation, Certificate Services is available