Installing Enterprise CA for AD FS on Windows Server 2012

Installing Enterprise CA for AD FS on Windows Server 2012

This video will look at how to install and setup Active Directory Certificate Services (AD CS) for use with Active Directory Federation Services (AD FS) on Windows Server 2012. Check out for more of our always free training videos. This video only performs a basic setup, if you are planning to use certificates in your organization you should perform additional research on certificates to ensure that the certificate hierarchy that you install meets the requirements of your organization.

Download the PDF handout

Demonstration role installation
The server used is Windows Server 2012 Standard. The base install has been performed and the server added to the domain.
1) To install the Active Directory Federation Services role, open Server Manager from the quick launch bar and then select the option on the welcome screen “Add roles and features”. This will start the add/roles and features wizard.
2) For the first few screens the default will be selected. This will select the local server to install the role on.
3) On the “Select server roles” screen, tick the component “Active Directory Certificate Services”. When this is ticked, the wizard will also prompt for the feature “[Tools] Certification Authority Management Tools” to be added if it is not already installed.
4) On the “Select features” screen, no additional features are required so it is safe to press next and move on.
5) The next screen of the wizard is the Certificate Services welcome screen. Additional information about certificate services is displayed here. Once next is pressed, the next screen will be about configuration of the Certificate Services components.
6) On the “Select roles services” screen the administrator needs to decide which components of certificate services that they want to install. In this case the only component that is required is the default component “Certification Authority” so this can be left ticked and next can be pressed.
7) On the “Confirm installation Services” this will show the options that were chosen in the wizard, once the install button is pressed the install will start. It is just a matter of waiting until the role has been installed before it can be configured.

Demonstration configuration the role
Once the “Certification Authority” component of the Active Directory Federation Services role has been installed, it next needs to be configured.
1) To configure the role, open Server manager and select the exclamation mark next to the flag at the top of Server Manager. From the pull down menu, select the option “Configure Active Directory Certificate Services on the destination server” to start the configuration wizard.
2) The first screen of the wizard will ask which user that you want to use to perform the configuration. The user needs to be a member of the Enterprise Admin group and also have administrator rights on the local server.
3) The next screen asks which components of Active Directory Certificate Services that you want to configure. In this particular case, only the “Certification Authority” component was installed and is required to issue certificates. Once the “Certification Authority” component has been ticked the next button can be pressed to move on to the next screen of the wizard.
4) On the screen “Specify the setup type of the CA”, in this case the default option of “Enterprise CA” will be selected. An Enterprise CA works with Active Directory to issue certificates. In a later video the Standalone CA will be looked at when the install for HighCostTraining is performed.
5) The screen “Specify the type of CA”, the option “Root CA” will be selected. This performs an install that allows certificates to be installed that does not require other CA’s in order to operate. In order to have better security it is recommend to use the subordinate CA and have a secure Root CA in the company or use a 3rd party certificate authority. In order to keep the install simple in this video, the option for “Root CA” was selected and means that no other CA’s are required.
6) For the “Private Key”, “Cryptography”, “CA Name”, “Validity Period” and “Certificate Database” the default options were selected. If you are performing the install in a production environment, you should have a look at the options on these screens to determine if the options are right for you.
7) On the “Confirmation” screen this will show all the options that have been selected. Once the “Configure” button is pressed this will start the configuration of the role.

Description to long for YouTube. Please see the following link for the rest of the description.

See for our always free training videos. This is only one video from the many free courses available on YouTube.

Add Comment