In this blog post, I’ll show you to Deploy an Enterprise Certificate Authority (CA) on Windows Server 2016 using PowerShell.
A Windows Enterprise CA Server Is Domain Joined Server that Issues trusted digital Certificates to clients and Servers on the network.
Once the Enterprise CA Issues a certificate, the Web Server becomes trusted by all the computers on the Domain automatically.
The most common use of certificates is for Web Servers and Web Services that are using HTTPS.
In my case, I’m going to Install an Enterprise CA using PowerShell using two cmdlets.
Install Server Role
The First step In this process Is to Install the Windows Server Certificate Authority Server Role which will activate all the binaries on the Server.
To Install the CA Role, I’ll use the cmdlet below:
Once it’s done, I’ll continue with the configuration without needing to restart the server
Deploy Enterprise Certificate Authority (CA)
Now, That I my Server Role Installed and Configured I’ll deploy my CA using the cmdlet below:
Install-AdcsCertificationAuthority -CAType EnterpriseRootCa -CryptoProviderName "ECDSA_P256#Microsoft Software Key Storage Provider" -KeyLength 256 -HashAlgorithmName SHA256
This cmdlet will an enterprise CA with 5 years validation period with 256 KetLength.
Once completed, I don’t need to restart the server
Install Management Tools
Because I Installed the CA on Windows Server Core 2016 without GUI and Management Tools, I’ll Install the tools on my Management Server using the cmdlet below:
Once completed, I’ll use the Certificate Authority Management Console to manage my CA
I have to Say that the CA PowerShell module Is very limited and not really practical to use.
The module comes with 15 cmdlets only, to view them I will use the cmdlet below.
Get-Command -Module AdcsAdministration
Windows Server 2016 Certificate Authority (CA) Is one of the most used and successful Server Role available on Windows Server.