In this exercise, we will install the AD Certificate Services role on a server. But before
we install this role, we need to make a few decisions: Will this be an Enterprise CA or
Name Description Key Usage Subject
Smart card
Logon
Authenticate using smart cards Signature and
Encryption
User
Subordinate CA Prove identity of the root CA
for the subordinate
Signature CA
Trust List Signing
User
Digitally sign certificate trust
lists, authenticate, e-mail sign,
and encrypt, and EFS
Signature User
Web Server Prove identity of Web servers Signature and
Encryption
Computer
Workstation
Authentication
Authenticate workstation to
servers
Signature and
Encryption
Computer
Table 12-1. Default Certificate Templates (Continued)
410 Microsoft Windows Server 2008 Administration
a Stand-alone CA? Will we allow certificates to be requested through a Web site? For this
exercise, we will install and configure AD Certificate Services to be an Enterprise CA. We
will also enable certificates to be requested through a Web site.
NOTE The server on which you are installing AD Certificate Services must be a member of a
domain, and you must perform the installation with a user account that has permissions to add the
CA as the enterprise root CA.
1. Open Server Manager.
2. Click Add Roles to open the Add Roles Wizard.
3. Click Next on the Before You Begin screen.
4. Select Active Directory Certificate Services, and then click Next (Figure 12-1).
Pages:
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447