Configure Certificate Authority Server in Windows 2022


Without a CA, you will see an annoying warning that your connection is insecure every time you connect to vCenter, VCD, ESXi or vRealize. Having their certificates signed by a CA removes the need to accept those warnings each time you open a web session to a VMware product. I am going to install the CA on my existing AD server, but in production you should always run this role on a separate VM.

1-  Open the Server Manager and then select Add Roles and Features.

2- Click Next to continue

3- Select role-based installation and click Next

4- Highlight the server on which we wish to install the CA role

5- Under the Server Roles, select the Active Directory Certificate Services.

Click Add Features to Continue


6- Once the Features are added, you will see the option ticked as shown

7- Click Next to Proceed

8- Click Next to Proceed

9- Select the Certification Authority and Certification Authority Web Enrollment role services and click Next.

10- Click Next.

11- Click Next to Continue

12- Review and Click Install

10- Select Restart the destination server and Click Install


13- This will now take a few minutes

14- Once the ADCS role is installed, the results page will show its state, and we will then need to do the post-install configuration

15- Under Server Manager dashboard > Choose to Configure CA

16- We now need to complete a few more tasks post-deployment of services for CA to work

17- Select Certificate Authority and Web Enrollment

17- Just keep the default options and click Next.


18- Tick Certification Authority and click Certificate Enrollment Web Service.

19-  Choose Enterprise CA as our server is joined to the domain.

20- Deploy a Root CA. A subordinate CA is chosen when you already have a Root CA elsewhere and can make this new server a member of its hierarchy.

21- Create a new private key for our CA

22- Choose the key length and Click Next to Continue

23- Provide the CA with a name and click Next.

24-  For a lab, choose something like 5 years and click Next.

25-  Click Next to Continue

26- Click Configure to finish the post-configuration process

27- Finally we have a CA Server ready for use

28- Launch Certification Authority from Tools – Certification Manager to view the list of certificates issued by the CA

29- Validate if web enrollment works.

Exporting the Root CA Certificate

Step 1. Right-click the CA and choose Properties. We can see Certificate #0 in the list, which is the public certificate for the CA server. Click the View Certificate option

Step 2. This will show a summary view of our root CA

Step 3. Switch to the Details tab

Step 4. Select the Copy to File option

Step 5. Select Base-64 and click Next.

Step 6. Choose a location on our server and click Next.

Step 7. Complete the wizard

Step 8. If we open the file, we will see something like this, which we will need on the devices that need CA registration.
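
The same build can be scripted. The following is an added example, not part of the original walkthrough: it installs the two role services, configures an Enterprise Root CA with a 5-year validity, exports the root certificate in Base-64, and prints the properties worth checking before the file is copied to other devices. The CA name, the 4096-bit key length, the SHA256 hash and the `C:\Temp` paths are assumptions chosen for a lab.

```powershell
# Added example: scripted equivalent of the wizard steps above.
# Run in an elevated Windows PowerShell session on the domain-joined server
# with an account that is allowed to install an Enterprise CA.
$caName  = 'Lab-Root-CA'                       # hypothetical CA common name
$outDir  = 'C:\Temp'                           # hypothetical export folder
$derFile = Join-Path $outDir 'rootca.der'      # binary export
$b64File = Join-Path $outDir 'rootca.cer'      # Base-64 export (as in Step 5)

# Role services picked in the Add Roles and Features wizard
Install-WindowsFeature -Name ADCS-Cert-Authority, ADCS-Web-Enrollment -IncludeManagementTools

# Post-install configuration: Enterprise CA, Root CA, new private key, 5 years.
# Key length and hash algorithm are assumptions; the article leaves them open.
Install-AdcsCertificationAuthority -CAType EnterpriseRootCA `
    -CryptoProviderName 'RSA#Microsoft Software Key Storage Provider' `
    -KeyLength 4096 -HashAlgorithmName SHA256 `
    -CACommonName $caName -ValidityPeriod Years -ValidityPeriodUnits 5 -Force
Install-AdcsWebEnrollment -Force

# Export the CA's public certificate, then convert it to Base-64
New-Item -ItemType Directory -Path $outDir -Force | Out-Null
certutil -f -ca.cert $derFile | Out-Null
certutil -f -encode $derFile $b64File | Out-Null

# Load the exported file and report what a device owner should verify
$x509 = 'System.Security.Cryptography.X509Certificates'
$cert = New-Object "$x509.X509Certificate2" -ArgumentList $b64File
$bc   = $cert.Extensions | Where-Object { $_.GetType().Name -eq 'X509BasicConstraintsExtension' }
$sha  = [System.Security.Cryptography.SHA256]::Create()
$fp   = [System.BitConverter]::ToString($sha.ComputeHash($cert.RawData)) -replace '-', ''

[pscustomobject]@{
    Subject            = $cert.Subject
    SelfSigned         = ($cert.Subject -eq $cert.Issuer)   # expected for a root CA
    IsCA               = [bool]($bc -and $bc.CertificateAuthority)
    SignatureAlgorithm = $cert.SignatureAlgorithm.FriendlyName
    NotAfter           = $cert.NotAfter
    Sha256Fingerprint  = $fp
} | Format-List
```

Compare the printed SHA-256 fingerprint with the one shown on each device after importing the file, so that a swapped or altered root certificate is caught before it is trusted.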


By C A Thomas

Chinchu A. Thomas is an Infrastructure Analyst specializing in Microsoft Azure, the Microsoft 365 suite, AWS, and Windows infrastructure management products.
