5. Click Next on the Introduction to Active Directory Certificate Services screen.
Figure 12-1. Selecting the Active Directory Certificate Services role
411 Chapter 12: Enterprise Public Key Infrastructure
6. Select Certification Authority and Certification Authority Web Enrollment
role services, and then click Next. Click Add Required Role Services when
prompted.
7. Select Enterprise as the setup type, and then click Next. Select Root CA as the
CA type, and then click Next.
8. Select Create a New Private Key to set up a private key, and then click Next.
9. By default, the CSP selected for the CA is RSA#Microsoft Software Key Storage
Provider. Leave that in the Select a Cryptographic Service Provider field and
ensure that the Key Character Length is set to 2048 bits. Select the sha1 hash
algorithm (Figure 12-2). Then click Next.
10. Enter the Common Name for This CA. By default, this field is set to DOMAINSERVER-
CA. The Distinguished Name Suffix should be set to the distinguished
name for your domain. Leave these at the default values for now and click
Next (Figure 12-3).
Figure 12-2. Configuring cryptography for the CA
412 Microsoft Windows Server 2008 Administration
Note that you cannot change the identity of your CA after it is installed, so
make sure this information is exactly what you want before proceeding.
11. By default, the validity period for this root certificate is set to 5 years.
Pages:
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448