Configure Active Directory Certificate Services

To configure Active Directory Certificate Services:
  1. Click Configure Active Directory Certificate Services on the destination server in the Server Manager notifications.

  2. Click Change besides the Credentials box.

  3. Enter an account that belongs to the Domain/Enterprise Admin group, click OK, and then click Next.

  4. Configure Certification Authority and Certification Authority Web Enrollment by selecting role services, and click Next.

  5. Select Enterprise CA, and click Next.

  6. Select Root CA, and click Next.

  7. Select Create a new private key and click Next.

  8. Set the Cryptography provider to RSA#Microsoft Software Key Storage Provider.

  9. Set the Key Length to 4096 bits.

  10. Set the hash algorithm to SHA256, and click Next.

  11. Enter a unique name for the CA such as <MSCA-Proxy> and then click Next.

  12. Set the validity period 25 years.

  13. Configure the location for the certificate database and certificate database logs.

  14. Click Next.

  15. Click Configure, and click Close.