Do the following steps to install the Certificate Services in Windows 2008 and enable LDAP oved SSL in Active Directory.
Note: The server is a member of the domain, and is a domain controller.
- 1. Open Server Manager.
- 2. Select Roles, then click Add Roles in the center pane.
- 3. The Before You Begin page may show up if you haven’t turned it off already. If you see it just click Next.
- 4. In the Select Server Roles window go ahead and select Active Directory Certificate Services by placing a checkmark next to it, then go ahead and click Next.
- 5. Now you will see an Introduction to Active Directory Certificate Services.
- Note: Name & Domain settings of this computer cannot be changed after a CA has been installed. If you want to change the computer name, join a domain, or promote this server to a domain controller do so BEFORE install thing the CA.
- Now with that warning out of the way, go ahead and click on Next.
- 6. Next you get to Select Role Services, which can include any of the following depending on what version of Windows Server 2008 you are installing this on — refer to the table above for specifics.
- For this install we are going to choose the Certification Authority only.
- 7. Now comes the Specify Setup Type, and for this we are going to select the Enterprise radio button.
- 8. For the Specify CA Type, we are going to choose the Root CA radio button and then click Next.
- 9. In Set Up Private Key, we are going to choose Create a new private key radio button and then select Next.
- 10. Now you have to Configure Cryptography for CA in this window and there are quite a few to choose from.
- 11. In Configure CA Name you can choose to overwrite the default common name for this CA and also the Distinguished name suffix if you so choose.
- 12. Next we will Set Validity Period for this CAs certificate.
- Remember a root CA issues itself a certificate. The default is 5 Years so we will just leave it at that. You can change this based on any need you might have in your environment. Click Next.
- 13. Configure Certificate Database will let you specify where you want to put the database and log files for the CA.
- 14. On the Confirm Installation Selections you can see the answers you have chosen and you will again see a warning that you cannot change the computer name or domain settings for this server after installing the CA.
- 15. After a few minutes you will see the Installation Results, and with any luck you will have the message: Installation succeeded.
- After your glow of certificate happiness fades go ahead and click Close.
- 16. Now let’s go in and take a look by clicking on Certification Authority in Administrative Tools (if you get a UAC pop up just click Ok).
- 17. Now you can see the snap-in is showing the CA named Test-Enterprise-CA in the left pane with a bunch of folders for certificates.
- 18. You can also see that if you click the Certificate Templates folder, there are quite a few default templates that are already setup and ready to go.
You are done!
This instruction was taken from here.