Wednesday, November 30, 2011

How to Create a Certificate Authority with Windows Server 2008 R2 DC

Log on to the DC...

Add New Role -> Next
Select Active Directory Certificate Services -> Next
Select Certificate Authority -> Next
Select Enterprise -> Next

Select Root CA -> Next
Create a new private key -> Next
Leave the defaults (RSA#Microsoft Software Key Storage Provider, 2048, SHA1) -> Next
Name the CA; the common name can't be the same as the server's FQDN -> Next
Leave it set to 5 years -> Next -> Next -> Install
Open a command prompt with Admin Access (Right click "Run As Administrator")
Type MMC, press Enter
File Add/Remove Snap-ins
Select Certificates -> Click Add -> Select Computer Account -> Click Next -> Local Computer -> Finish
Click Ok

Navigate to Console Root -> Certificates (Local Computer) -> Personal -> Certificates
Right click in the right pane -> All Tasks -> Request New Certificate
Click Next -> Select Active Directory Enrollment Policy -> Click Next
Check Domain Controller & Domain Controller Authentication -> Click Enroll
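The same two wizards and the enrollment step, as a script. This is an added example, not part of the original post. It assumes Windows Server 2012 or later, where the ServerManager and ADCSDeployment modules exist (2008 R2 has neither, so there the GUI steps above or certutil are the options), an elevated PowerShell session on the DC, and a placeholder CA name. The only wizard default it does not keep is the hash: SHA256 is used instead of SHA1 because current clients reject SHA1-signed CA certificates.

```powershell
# Added example, not the original post's procedure. Requires Windows Server
# 2012+ (ServerManager + ADCSDeployment modules) in an elevated session.

# Step 1: add the AD CS role, Certification Authority role service only.
Install-WindowsFeature -Name ADCS-Cert-Authority -IncludeManagementTools

# Step 2: configure an Enterprise Root CA with the wizard's defaults
# (RSA KSP, 2048-bit key, 5-year validity). SHA256 replaces SHA1.
$caName = "CONTOSO-ROOT-CA"   # placeholder; must differ from the server's FQDN
Install-AdcsCertificationAuthority `
    -CAType EnterpriseRootCA `
    -CACommonName $caName `
    -CryptoProviderName "RSA#Microsoft Software Key Storage Provider" `
    -KeyLength 2048 `
    -HashAlgorithmName SHA256 `
    -ValidityPeriod Years `
    -ValidityPeriodUnits 5 `
    -Force

# Step 3: enroll the DC for the two templates the MMC steps request.
# certreq -enroll takes the template name (no spaces), not its display name;
# -machine targets the computer store, -q suppresses prompts.
certreq -enroll -machine -q DomainController
certreq -enroll -machine -q DomainControllerAuthentication

# Step 4: confirm the certificates are in the computer's Personal store,
# were issued by the new CA, and carry the Server Authentication EKU that
# LDAPS needs. EnhancedKeyUsageList is a PowerShell-added property (PS 3.0+).
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Issuer -like "CN=$caName*" } |
    ForEach-Object {
        [pscustomobject]@{
            Subject    = $_.Subject
            Issuer     = $_.Issuer
            NotAfter   = $_.NotAfter
            Thumbprint = $_.Thumbprint
            EKU        = ($_.EnhancedKeyUsageList | ForEach-Object FriendlyName) -join ", "
        }
    } | Format-List
```

If Step 4 lists nothing, run `certutil -pulse` to trigger autoenrollment and check the Application event log for CertificateServicesClient errors before repeating the Ldp test.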



  1. Open the Ldp snap-in. To open Ldp, click Start. In Start Search, type ldp. Right-click the Ldp icon on the Start menu, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.
  2. Click the Ldp Connection menu, and then click Connect. In Server, type the host name (FQDN) of the server to which you want to connect. Ensure that Port is set to 636, the Connectionless check box is cleared, and the SSL check box is selected, and then click OK. If you receive a message that says “Cannot open connection,” LDAP-over-SSL binding is not configured properly.
  3. Click the Connection menu, click Bind, and then click OK.
  4. The command output should display the user name and domain name that you used for binding, if LDAP over SSL is configured properly.
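A scripted form of the Ldp test above, so the outcome can be logged or run against every DC instead of read off a dialog. This is an added example, not part of the original post or the Ldp tool. It assumes PowerShell 3.0 or later on a domain-joined machine and a placeholder DC name; the .NET types it uses ship with Windows. The first half does the TLS handshake on port 636 and reports the certificate, EKU and chain status (the causes hidden behind "Cannot open connection"); the second half is the Bind step, an LDAP bind over SSL with the current logon.

```powershell
# Added example, not the original post's steps. PS 3.0+, domain-joined host.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Test-Ldaps {
    param(
        [Parameter(Mandatory)][string]$Server,   # Ldp's "Server" box: the DC's FQDN
        [int]$Port = 636                          # Ldp's "Port" box
    )
    $result = [ordered]@{ Server = $Server; Port = $Port }

    # Step 1: TLS handshake only. The callback accepts any certificate so the
    # handshake completes and the chain problems can be reported explicitly
    # below; this is diagnosis, not how a client should validate.
    $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ param($s, $c, $ch, $e) $true }
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($Server, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($Server)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $ssl.RemoteCertificate
        $result.Subject     = $cert.Subject
        $result.Issuer      = $cert.Issuer
        $result.NotAfter    = $cert.NotAfter
        $result.TlsProtocol = $ssl.SslProtocol

        # LDAPS requires the Server Authentication EKU (1.3.6.1.5.5.7.3.1);
        # both templates enrolled above include it.
        $eku = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
        $result.ServerAuthEku = [bool]($eku -and
            ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.1' }))

        # Validate the chain the way a normal client would (revocation skipped:
        # a freshly built CA may not have published a CRL yet).
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $result.ChainValid  = $chain.Build($cert)
        $result.ChainStatus = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        $ssl.Dispose()
    } catch {
        $result.TlsError = $_.Exception.Message
    } finally {
        $tcp.Close()
    }

    # Step 2: the Ldp "Bind" step. An LDAP bind over SSL using the current
    # logon (Negotiate), with .NET's normal certificate validation in force.
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port, $true, $false)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    $conn.SessionOptions.SecureSocketLayer = $true
    $conn.SessionOptions.ProtocolVersion   = 3
    $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
    try {
        $conn.Bind()
        $result.BindOk = $true
    } catch {
        $result.BindOk    = $false
        $result.BindError = $_.Exception.Message
    } finally {
        $conn.Dispose()
    }
    [pscustomobject]$result
}

# Placeholder FQDN. With the RSAT AD module installed, loop over
# (Get-ADDomainController -Filter *).HostName to test every DC.
Test-Ldaps -Server 'dc01.contoso.local'
```

A healthy DC returns `ChainValid` true, `ServerAuthEku` true and `BindOk` true. `ChainValid` false with `ChainStatus` of `UntrustedRoot` means the client has not yet received the new root through Group Policy; `BindOk` false with the handshake succeeding usually points at a name mismatch between the certificate subject and the FQDN used.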
