Certificate services is a component on Microsoft Windows Server that is necessary for integrating when using a customer hosted Active Directory or RADIUS/8021x server. Installing certificate services enables you to deploy a root certificate authority which can then be used to issue certificates that encrypt data such as authentication credentials. This guide takes you through how to deploy a Stand-alone root CA which is different than an Enterprise CA in that there is no ability to create templates or configure auto-enrollment.
The first step to obtaining a digital certificate is to install Certificate Services on the server. To do this go to Start -> Control Panel -> Add or Remove Programs. From here select Add/Remove Windows Components on the left hand side of the menu as shown in Figure 1. Check the box next to Certificate Services, a warning box will pop up informing you to not change the machine name or domain membership of the server as this may invalidate the certificate and cause authentications to fail as shown in Figure 2. Select Yes and click Next > to proceed to the next screen.
On the next screen select Stand-alone root CA as the CA type as shown in Figure 3 and click the Next > to continue.
In the next step you will be asked to specify the Common name or machine name of the server you are currently installing a root CA for as shown in Figure 4. You can also specify the Validity period for the certificate authority you are currently configuring. Click Next > to continue.
The next screen asks you to specify the folder name for the Certificate database where the certificates will be stored as well as where the certificate logs will be kept as shown in Figure 5. Click Next > to continue. The server will install the certificate services component and will prompt you to either insert the Windows Server 2003 CD-ROM or ask you to Browse... to the local i386 folder. Click the Finish button to complete the installation successfully.