
Installing Enterprise CA for AD FS on Windows Server 2008 R2

Check out http://YouTube.com/ITFreeTraining or http://itfreetraining.com for more of our always free training videos.
This video performs a basic Active Directory Certificate Services (ADCS) install to provide a certificate for use with Active Directory Federation Services (ADFS). It also looks at how to create a certificate template for use with ADCS. If you have an existing certificate service on your network, you can use the procedure in this video to add a template to your existing certificate server.

Download the PDF Handout http://ITFreeTraining.com/handouts/federation/enterprise-ca-2008.pdf

Demonstration installing the CA

1) To start the install, open Server Manager from the quick launch bar.
2) From Server Manager, select Roles from the left-hand side and then from the right-hand side select the option “Add Roles” to start the Add Roles wizard.
3) Once past the welcome screen, select the role “Active Directory Certificate Services” and press Next to start the Certificate Services part of the install.
4) The next screen is the information screen for the Certificates role. Press Next to skip it.
5) The next screen displays all the different components that can be installed as part of the certificate role. In this case the only component that is required is “Certification Authority”. Tick this option and then press Next to move on to the next screen of the wizard.
6) On the next screen select the option Enterprise CA. This is one of the two install options. The Enterprise option requires the server to be a member of the domain. Later videos look at using the standalone option to provide certificates for ADFS.
7) On the next screen you need to decide whether the install is to be a Root CA or a Subordinate CA. In this case Root CA is selected because there are no other CAs on the network. For better security a certificate hierarchy could be set up, but this video uses a simple install aimed at providing a working certificate for use with ADFS.
8) For the rest of the wizard all the defaults were accepted. In a production environment you may want to consider changing some of these options, for example changing the key size used for the certificate that is created for the Root CA.
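A post-install check for the CA built in the steps above, as an added example that is not part of the original video description. It assumes an elevated PowerShell 2.0 session on the CA server; the scratch file name and the 2048-bit and SHA-1/MD5 thresholds are assumptions of this example.

```powershell
# Added example: post-install checks for an Enterprise Root CA on Windows Server 2008 R2.
# Run in an elevated PowerShell session on the CA server.
Import-Module ServerManager

# 1. The "Certification Authority" role service ticked in step 5 must be installed.
$role = Get-WindowsFeature -Name ADCS-Cert-Authority
if (-not $role.Installed) { throw 'Certification Authority role service is not installed.' }

# 2. Read the CA type chosen in steps 6 and 7 from the CA's configuration key.
$cfgKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
$caName  = (Get-ItemProperty -Path $cfgKey).Active
$caType  = (Get-ItemProperty -Path (Join-Path $cfgKey $caName)).CAType
$caTypes = @{ 0 = 'Enterprise Root CA'; 1 = 'Enterprise Subordinate CA'
              3 = 'Standalone Root CA'; 4 = 'Standalone Subordinate CA' }

# 3. Export the CA certificate and load it for inspection.
$cerFile = Join-Path $env:TEMP 'ca-check.cer'    # scratch file name chosen for this example
certutil -f -ca.cert $cerFile | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'certutil could not export the CA certificate.' }
$caCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cerFile

# 4. Key size is only read for RSA keys; PublicKey.Key throws for other key types.
$keyAlg  = $caCert.PublicKey.Oid.FriendlyName
$keyBits = if ($keyAlg -eq 'RSA') { $caCert.PublicKey.Key.KeySize } else { $null }
$sigAlg  = $caCert.SignatureAlgorithm.FriendlyName

# 5. Thresholds below are assumptions of this example, not values from the video.
$findings = @()
if ($caType -ne 0) { $findings += "CA type is '$($caTypes[$caType])', expected Enterprise Root CA" }
if ($keyBits -and $keyBits -lt 2048) { $findings += "RSA key is only $keyBits bits" }
if ($sigAlg -match 'sha1|md5') { $findings += "CA certificate is signed with $sigAlg" }

# Emit one object so the result can be logged or compared across servers.
New-Object PSObject -Property @{
    CAName = $caName; CAType = $caTypes[$caType]; KeyAlgorithm = $keyAlg
    KeyBits = $keyBits; Signature = $sigAlg; NotAfter = $caCert.NotAfter
    Findings = $findings
}
```

An empty `Findings` list means the wizard defaults produced a CA certificate that passes these example thresholds; any entry points at a setting from step 8 to revisit before issuing the ADFS certificate.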

Demonstration configuring the CA

1) To configure the certificate authority, select “Certification Authority” under “Administrative Tools” in the Start menu.
2) Once open, expand down to Certificate Templates, right click it and select the option “Manage”. This will bring up a list of all the certificate templates that are currently configured on this server.
3) There is no default template for ADFS, so the best option is to find a template that is similar to the one required and then make changes to it. In this case, select the template “Web Server”, right click it and select the option “Duplicate Template”.
4) When duplicating the template you will be asked which version of Windows you want to use the certificate with. In this case the option “Windows Server 2008 Enterprise” was selected. When creating templates you need to work out which is the lowest operating system that the template will be used with. In this case, no ADFS server lower than Windows Server 2008 R2 will be used, so it is safe to use the option “Windows Server 2008 Enterprise”.
5) Once the template has been duplicated, the properties for the certificate template will automatically be opened.

Description too long for YouTube. Please see following link for the rest of the description: http://itfreetraining.com/federation#/enterprise-ca


Alice AUSTIN
