Installing Certificate Services in Windows Server 2003

To install a Windows 2003 machine as a certificate authority, the Add/Remove Programs wizard is used. Click on Start.

Use the buttons below to navigate through the lesson


Select Control Panel. Double-Click on Add/Remove Programs. Select Add/Remove Windows Components. The Windows Components wizard will appear. Check the box for Certificate Services.

A warning box will appear stating that after installing Certificate Services, the computer cannot be renamed and the computer cannot join or be removed from a domain. Click Yes to accept the warning. Click on Next to continue.

Select the type of CA to install. If Active Directory isn’t installed then the options for Enterprise CAs will be greyed out. If a subordinate CA is selected then a Root CA must be available. Click Next to continue. Type the relevant information into the boxes to identify the CA. The certificate expiration date can also be set. Click Next to Continue.

The default path for the database is the %systemroot% folder. Click on Next to accept the default. Since certificate services makes use of IIS, the IIS service will need to be restarted. Click on OK to accept. Click on Finish to close the Windows Components Wizard.

Adding Certificates to CTL

Open My Computer. Open the root drive to find the Certificate.  Open it up for a closer look. Click install certificate.  Click Next.

A system can be set up to file certificates automatically. It’s instructive to look at the choices available, however, so in this example we’ll choose the store. Click Next to continue. You might have a reason to specify folders more precisely. If so, click here…

You might have a reason to specify folders more precisely. If so, click here……and this is the sort of thing you’ll see. This isn’t required for our current example, so……we’ll put it here……and click OK.

The interesting bit is over so click Next.

The last page of the Wizard provides a chance to check details before we click finish.

Installing a Root Subordinate CA.

To install a Root subordinate CA, select Root subordinate CA. Fill out all the details in the relevant boxes. And click Next. Accept the default location for the database and click Next to continue. Specify the name of the parent CA to which a request will be sent.. Click Next to continue. To make the required changes, the IIS must be stopped and restarted. Click finish. The new certificate is installed on the Root server.