Friday, February 28, 2014

How to Set up “Active Directory Certificate Service” in Windows Server 2008 R2

Active Directory Certificate Services (AD CS) is an Identity and Access Control security technology that provides customizable services for creating and managing public key certificates used in software security systems that employ public key technologies.

   or


Active Directory Certificate Services (AD CS) provides customizable services for issuing and managing public key certificates used in software security systems that employ public key technologies.

Setting up AD CS


Open “Server Manager” and select “Active Directory Certificate Services” on your domain controller machine.


Select AD CS and click Next.


Click Next.


Select the services and click Next.


Here I am selecting Enterprise as my setup type; click Next.


Select Root CA and click Next.


Select “Create a new private key” and click Next.


Give the names and click Next (remember, this will be the Certificate Authority name).

Set the validity period and click Next.


Configure the certificate database location and click Next.


Choose a certificate for SSL encryption (use the recommended option).


Click Next.


After enabling web server it will automatically select the required services.



Now we are done with manual selections, just click Install and it will install the selected roles and services.



For that, we first need to copy the CA certificate from the machine that has the AD Certificate Services role enabled. By default it is located in the following folder (the file extension will be .crt):

C:\Windows\System32\CertSrv\CertEnroll

Once you have the certificate, you can import it into the Trusted Root Certification Authorities folder. To do that, follow these steps.

Start –> run –> type “mmc”

This opens a console window. From the File menu, select “Add/Remove Snap-in”.

Select the “Certificates” snap-in and add it.


Once that is done, import the certificate into “Trusted Root Certification Authorities”.



If you skip this step, you may get the error below when you try to create a domain certificate in IIS 7.

“A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. 0x800b0109”
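
The import steps above can also be scripted. The following is an added example, not code from the original post: a PowerShell function (the name Import-TrustedRootCa and the sample path are assumptions) that compares the copied .crt with a thumbprint read on the CA server before adding it to the machine's Trusted Root Certification Authorities store, then confirms that the chain validates.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
# Uses only .NET classes, so it also works on PowerShell 2.0 (Server 2008 R2).
function Import-TrustedRootCa {
    param(
        # Path to the .crt file copied from the CA server's CertEnroll folder.
        [Parameter(Mandatory = $true)][string]$CertPath,
        # SHA-1 thumbprint read on the CA server itself and sent over a separate channel.
        [Parameter(Mandatory = $true)][string]$ExpectedThumbprint
    )
    $x509 = 'System.Security.Cryptography.X509Certificates'
    $file = (Resolve-Path $CertPath).ProviderPath
    $cert = New-Object "$x509.X509Certificate2" -ArgumentList $file

    # Strip spaces and invisible characters that come along when a thumbprint is pasted.
    $expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
    if ($cert.Thumbprint -ne $expected) {
        throw "Thumbprint mismatch: file has $($cert.Thumbprint)"
    }
    # A root CA certificate is self-signed: subject and issuer are the same name.
    if ($cert.Subject -ne $cert.Issuer) {
        throw "Not a root certificate (issuer: $($cert.Issuer))"
    }
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "Certificate is outside its validity period"
    }

    # Same effect as importing into "Trusted Root Certification Authorities" in MMC.
    $store = New-Object "$x509.X509Store" -ArgumentList 'Root', 'LocalMachine'
    $store.Open('ReadWrite')
    try { $store.Add($cert) } finally { $store.Close() }

    # Rebuild the chain; an untrusted root at this point is the 0x800b0109 condition.
    $chain = New-Object "$x509.X509Chain"
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    if (-not $chain.Build($cert)) {
        $status = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        throw "Chain still does not validate: $status"
    }
    "Trusted root added: $($cert.Subject) [$($cert.Thumbprint)]"
}

# Usage (constructed sample values; substitute your own file and thumbprint):
# Import-TrustedRootCa -CertPath 'C:\Temp\ExampleRootCA.crt' -ExpectedThumbprint '<thumbprint from the CA server>'
```

Checking the thumbprint first matters because anything placed in the Trusted Root store can vouch for any certificate that machine later validates.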













