What Is An Enterprise Root CA In ADCS?
An Enterprise Root CA in ADCS is a type of Certificate Authority used to issue digital certificates within an enterprise. It is typically installed on a server located on the organization’s internal network.
Requirements To Set Up Enterprise Root CA In ADCS:
A Windows Server 2022 (Physical or a virtual machine)
An Administrator account to set up ADCS
An Enterprise Root CA can be configured only on a domain member server.
How To Set Up An Enterprise Root CA On Windows Server 2022?
1. Set up the Active Directory Certificate Services (ADCS) role
Begin by setting up the ADCS role. Open the ‘Add Roles and Features’ wizard.
In Server Manager, go to Manage > Add Roles and Features.
2. Select Role-Based Installation
Click the Next button in the ‘Add Roles and Features’ wizard.
Select ‘Role-based or feature-based installation’, since ADCS is a role.
Click Next.
3. Select the Server on which you are going to install the ADCS Role
Since only the local server is listed, select it, then click Next.
4. Select the ‘Active Directory Certificate Services’ role
Select the “Active Directory Certificate Services” role then click on Next.
5. Add the required features
Click the ‘Add Features’ button to add the ADCS features.
Click on Next, and Next again.
6. Initiate the ADCS installation process
Click on Next, and Next again. This will take you to the ADCS installation wizard.
Click the Next button to initiate the ADCS installation process and Add Features for Web Enrollment.
7. Select ‘Certificate Authority’ roles
You are presented with multiple options to choose from. Select the first option, ‘Certificate Authority’, and the ‘Certificate Authority Web Enrollment’ role, then click Next.
8. Begin the installation of ‘Certificate Authority’ and ‘Certification Authority Web Enrollment’ roles
Click the Install button to begin the installation of ‘Certificate Authority’.
9. Start the Active Directory Certificate Service configuration wizard
When the installation completes, it prompts for configuration. Select “Configure Active Directory Certificate Services on destination server” to start the ADCS configuration wizard.
10. Select the Administrator account in the ADCS configuration wizard
By default, Domain Account should be selected (Server is Member of the Domain). Just ensure it is selected then click Next.
11. Select ‘Certificate Authority’ role in the ADCS configuration wizard
Check the ‘Certificate Authority’ and ‘Certificate Authority Web Enrollment’ roles, then click Next.
12. Select the Enterprise CA in the ADCS configuration wizard
You are asked to choose between two types of CA: Enterprise CA and Standalone CA.
Since we are configuring an Enterprise CA, select the Enterprise CA option, then click Next.
13. Select the Root CA
You are presented with two options: Root CA and Subordinate CA.
Since we are setting up an Enterprise Root CA in this demo, go with the Root CA option. We will cover the Subordinate CA in a different post, when we show you how to create a two-tier PKI system. Select Root CA, then click Next.
14. Create a new private key for Enterprise Root CA
The private key is the first element of trust for any Certificate Authority. Since this is a newly created CA, create a new private key for this root CA.
Select “Create a New Private Key” then click Next.
15. Select Key Length & Hash Algorithm based on requirement
Select the Cryptographic Provider, Hash Algorithm and Key Length as per your design, then click Next.
16. Specify the name of the Certificate Authority
Specify the name of your CA. By default, Domain Name-Server Name with ‘– CA’ will be taken as the CA name.
17. Specify the Certificate validity period
The validity period is the expiration time of the CA’s certificate. Normal practice is to keep the validity period for up to 10 years for root CA certificates. However, you can keep the validity period anywhere between 5 to 10 years.
Click Next.
18. Specify Database & Logs location for Enterprise Root CA
Specify the location of the database and logs for your Enterprise Root CA. You can leave the defaults as they are, then click Next.
19. Verify the summary of the configuration
Review all the configuration settings, then click the Configure button.
20. Close the configuration wizard after the completion
Click the Close button when the configuration wizard completes.
21. Close the Certificate Authority configuration wizard
22. Open the Certificate Authority console
Server Manager > Tools > Certificate Authority
Right-click the Certificate Authority in the console and select Properties. There you will see a plethora of options to configure your Enterprise Root CA.
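Steps 1 to 21 above can also be scripted in PowerShell. This is an added example, not part of the original walkthrough; the cryptographic provider, key length and hash algorithm shown are assumptions to replace with the values from your own design, and the CA name, database and log locations are left at their defaults as in steps 16 and 18.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the wizard steps above.
# Lines marked ASSUMPTION use values that are not taken from the walkthrough.
$ErrorActionPreference = 'Stop'

# Requirement from the page: an Enterprise Root CA needs a domain member server.
if (-not (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain) {
    throw 'This server is not joined to a domain; an Enterprise CA cannot be configured here.'
}

# Steps 1-8: install the Certification Authority and Web Enrollment role services.
$result = Install-WindowsFeature -Name ADCS-Cert-Authority, ADCS-Web-Enrollment -IncludeManagementTools
if (-not $result.Success) { throw 'ADCS role installation failed.' }

# Steps 9-20: the choices made in the ADCS configuration wizard.
$caParams = @{
    CAType              = 'EnterpriseRootCA'                             # steps 12-13
    CryptoProviderName  = 'RSA#Microsoft Software Key Storage Provider'  # ASSUMPTION (step 15)
    KeyLength           = 4096                                           # ASSUMPTION (step 15)
    HashAlgorithmName   = 'SHA256'                                       # ASSUMPTION (step 15)
    ValidityPeriod      = 'Years'                                        # step 17
    ValidityPeriodUnits = 10                                             # step 17: up to 10 years
}

# Dry run first: shows what would be configured without changing anything.
Install-AdcsCertificationAuthority @caParams -WhatIf

# Omitting -ExistingCertificate / -KeyContainerName creates a new private key (step 14).
Install-AdcsCertificationAuthority @caParams -Force
Install-AdcsWebEnrollment -Force

# Verify: the CA service is running, answers requests, and uses the chosen hash.
Get-Service -Name CertSvc | Select-Object -Property Name, Status
certutil -ping
certutil -getreg CA\CSP\CNGHashAlgorithm
```

Run it in an elevated session under the domain account you would select in step 10.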