If you are working with Active Directory in any enterprise type environment, more than likely the environment will also have Certificate Services deployed. Working with System Center, there are various uses of Certificate Services for the different components in the suite.

So, if you wanted to mimic an enterprise environment in your lab, you will need to first install Active Directory so that a domain will exist, and then you will need to install the Certificate Services role/feature. Once Certificate Services is installed though, you will still need to configure it before being able to work with it.

Start by launching the Active Directory Certificate Services (AD CS) Configuration Wizard.

On the Credentials page, supply appropriate credentials and then click Next.

AD CS Configuration 01

On the Role Services page, select Certification Authority and then click Next.

AD CS Configuration 02

On the Setup Type page, select Enterprise CA and then click Next.

AD CS Configuration 03

On the Specify CA Type page, select Root CA and then click Next.

AD CS Configuration 04

On the Set Up Private Key page select Create a new private key and then click Next.

AD CS Configuration 05

Leave the defaults on the Configure Cryptography for CA page, and then click Next.

  • Important: CSP, Hash Algorithm and Key length must be selected to meet application compatibility requirements.

AD CS Configuration 06

On Configure CA Name page, enter Domain Root CA (ex. SC LAB Root CA) in the Common name for this CA field, and then click Next.

AD CS Configuration 07

On Set Validity Period page enter 10 Years, then select Next.

AD CS Configuration 08

Keep the default on the Configure Certificate Database page, and then click Next.

AD CS Configuration 09

On the Confirmation page, click Configure.

AD CS Configuration 10

Review the information on the Results page to verify that the installation is successful and then click Close.

AD CS Configuration 11

You now have Active Directory Certificate Services installed.

Here is a video walk through: