Deploy Certificate Authority on Windows Server 2016 Using PowerShell

In this blog post, I’ll show you how to deploy an Enterprise Certificate Authority (CA) on Windows Server 2016 using PowerShell.

Certificate Authority

A Windows Enterprise CA server is a domain-joined server that issues trusted digital certificates to clients and servers on the network.

Once the Enterprise CA issues a certificate to a web server, that web server becomes trusted by all the computers in the domain automatically.

The most common use of certificates is for Web Servers and Web Services that are using HTTPS.


In my case, I’m going to install an Enterprise CA with PowerShell, using two cmdlets.

Install Server Role

The first step in this process is to install the Windows Server Certificate Authority server role, which will activate all the binaries on the server.

To install the CA role, I’ll use the cmdlet below:

Add-WindowsFeature adcs-cert-authority

Once it’s done, I’ll continue with the configuration without needing to restart the server.

Deploy Enterprise Certificate Authority (CA)

Now that I have my server role installed and configured, I’ll deploy my CA using the cmdlet below:

Install-AdcsCertificationAuthority -CAType EnterpriseRootCa -CryptoProviderName "ECDSA_P256#Microsoft Software Key Storage Provider" -KeyLength 256 -HashAlgorithmName SHA256

This cmdlet will deploy an enterprise CA with a 5-year validity period and a key length of 256.

Once completed, I don’t need to restart the server.
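The two steps above combined into one script, with the 5-year validity period written out and a check of the resulting CA certificate. This is an added example, not part of the original post. It assumes an elevated session on the server that will become the CA, and the method of locating the CA certificate (newest certificate in the local machine store with CA basic constraints) is this example's own choice.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post. Run on the server that will become the CA.

# Same settings as the cmdlet in the post, with the validity period written out
# so the 5-year lifetime is a visible choice rather than an implicit default.
$caParams = @{
    CAType              = 'EnterpriseRootCa'
    CryptoProviderName  = 'ECDSA_P256#Microsoft Software Key Storage Provider'
    KeyLength           = 256
    HashAlgorithmName   = 'SHA256'
    ValidityPeriod      = 'Years'
    ValidityPeriodUnits = 5
}

# Step 1: install the role binaries only if they are missing.
if (-not (Get-WindowsFeature -Name ADCS-Cert-Authority).Installed) {
    Install-WindowsFeature -Name ADCS-Cert-Authority | Out-Null
}

# Step 2: dry run first, then the real deployment (-Force skips the confirmation prompt).
Install-AdcsCertificationAuthority @caParams -WhatIf
Install-AdcsCertificationAuthority @caParams -Force -ErrorAction Stop

# Step 3: verify the service and the CA certificate that was generated.
# Assumption of this example: the CA certificate is the newest certificate in
# Cert:\LocalMachine\My whose Basic Constraints extension marks it as a CA.
$service = Get-Service -Name CertSvc
$bcType  = [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
$caCert  = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Extensions | Where-Object { $_ -is $bcType -and $_.CertificateAuthority } } |
    Sort-Object -Property NotBefore -Descending |
    Select-Object -First 1

if ($service.Status -ne 'Running') { Write-Warning 'CertSvc is not running.' }
if (-not $caCert) { throw 'No CA certificate found in Cert:\LocalMachine\My.' }

# Summary to compare against the intended algorithm and lifetime.
[pscustomobject]@{
    ServiceStatus      = $service.Status
    Subject            = $caCert.Subject
    SignatureAlgorithm = $caCert.SignatureAlgorithm.FriendlyName
    PublicKeyAlgorithm = $caCert.PublicKey.Oid.FriendlyName
    NotBefore          = $caCert.NotBefore
    NotAfter           = $caCert.NotAfter
    ValidityYears      = [math]::Round(($caCert.NotAfter - $caCert.NotBefore).TotalDays / 365.25, 1)
}
```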

Install Management Tools

Because I installed the CA on Windows Server Core 2016 without the GUI and management tools, I’ll install the tools on my management server using the cmdlet below:

Add-WindowsFeature RSAT-ADCS,RSAT-ADCS-mgmt

Once completed, I’ll use the Certificate Authority Management Console to manage my CA.

PowerShell Module

I have to say that the CA PowerShell module is very limited and not really practical to use.

The module comes with only 15 cmdlets; to view them, I’ll use the cmdlet below.

Get-Command -Module AdcsAdministration


Windows Server 2016 Certificate Authority (CA) is one of the most used and successful server roles available on Windows Server.