Installation Certificate Authority on Windows Server 2016 DC Guide

Installation Certificate Authority on Windows Server 2016 DC Guide

  1. Open Server Manager – Manage – Add Roles and Features
  2. Select: Active Directory Certificate Services


3. Click Add Features and Click Next To Continue.

4. Click Next To Continue.

5. Certification Authority and  Certification Authority Web Enrollment



6. Click on  Install To Process Installation of CA Authority Feature. 

7. Click on Close Once Installation Is Complete.

8. To Configure Active Directory Certificate Services to review the installation status.


9. Select Next To Specify credential to configure role services.

10. Select Certificate Authority and Certification Authority Web Enrollment

11. Select  Enterprise and Click Next.

12. Select Root CA and Click Next. 

13. Select Create a New Private key and Click Next.

14.  Select RSA 256  – Keep  Default with 2048 key Character length

Please note SHA256 as SHA1 is deprecated 

To Upgrade your existing internal CA –

certutil-setregca\csp\CNGHashAlgorithm SHA256

*download Digicert Certutil.

15. Keep all Common Name, Distinguished name Suffix, Preview DN default,  Click Next

16.By Default Certificate is valid for 5 years , Don’t make any changes on it , Click next

17. Keep Certificate database location and log location default. and Click Next.

18. Review Configuration Summary Page  and Click Configure.

18. This should complete the CA Certificate Server. -Click Close

19. Set 443 or Secure Socket Layer protocol for Certsrv Web.

Let us see how to Request a Create a Simple Cert from Internal Certificate Authority

Now if you Open IIS Manager, you will see “CertSrv”  a Virtual Directory Created,

Use the right side column “Browse *.443(https)


20. If you don’t see a “Browse *.443(https) , It means binding is not there.

To add binding – Right Click on Default Web Site – Click on Edit Bindings


21. Click on add HTTPS – 443 – Choose the CA Cert

SSL Certificate :

Now you can see 443 in your website.


Now CA Authority Server Installation and Configuration Is complete.

22. Validate CA Certificate Home Page is working.. Go to  https://localhost/certsrv or IP/FQDN Where CA Certificate Server is installed at.

For Example:



Windows Server 2016″ Create CSR and Install SSL Certificate with DigiCert Utility.

Leave a Reply

Your email address will not be published. Required fields are marked *