Get rid of those annoying self-signed certificates with Microsoft Certificate Services, Part 3
--
In Part 1 of the guide, we introduced Certificate Services and we discussed the design and the plan to deploy these services.
In Part 2, we installed and configure the Web Server used to distribute Certificate Revocation Lists (CRLs), requests and issue certificates and create a CNAME DNS record for the Web Server.
In this part, we will install and configure the Standalone Root CA. Let’s get to work!
Requirements:
Install a server with Windows Server 2016 or 2019 for the Standalone Root CA server, set a name for the server, configure the computer with a static IP address and don’t join the machine to the domain. This server will be Off-domain and Off-line after we completed the setup.
Installing Standalone Root CA:
Open Server Manager, click on the Add Roles and Features option, Role-based or feature-based installation type and choose Active Directory Certificate Services under Server Roles.
Ensure you choose only the Certificate Authority role for the Root CA.
Confirm the installation options:
Setup the Root CA Certificate Services:
After Certificate Services is installed, start the configuration wizard from Server Manager, clicking on the More link:
Click on the Configure Active Directory… link
