SharePoint 2013 Install Windows Certificate Authority

This article is one in a series to setup and configure ADFS 2.0 for a SharePoint 2013 farm.  In this post we’ll walk through the procedures to setup a Certificate Authority (CA) by provisioning the Active Directory Certificate Services role.  This is necessary because ADFS uses certificates for the purpose of encrypting and signing SAML tokens.  In production you may opt to use 3rd Party Certificates from a trusted issuer and in a lab setup you may opt to use the the self-signed certificates that ADFS will provide in the absence of a certificate being available during the installation process.

Select Server

This post in no way is intended to outline how you would setup a CA for production use, but will instead guide you through the installation for a lab environment.  The lab used for this blog series includes the following machines:

  • DC1 – Windows 2008 R2 Standard Domain Controller
  • SQL1 – SQL 2012 Server Enterprise
  • SP-APP-1 – SharePoint 2013 Application Server
  • SP-WFE-1 – SharePoint 2013 Web Front End Server
  • SP-Win7-01 – Windows 7 Professional

In this example we’ll provision the Active Directory Certificate Services role on DC1.

Install Active Directory Certificate Services

  • Launch Server Manager
  • Click “Roles” in the left hand pane
  • Click the “Add Roles” link on the right hand side of the page
  • On the “Before You Begin” page click “Next >”
  • Select the “Active Directory Certificate Services” option and click “Next >”


  • Click “Next >” on the “Introduction to Active Directory Certificate Services” screen
  • On the “Select Role Services” screen select both the “Certification Authority” and “Certification Authority Web Enrollment” options and click “Next >”


  • On the “Specify Setup Type” screen select the “Enterprise” option and click “Next >” to continue
  • On the “Specify CA Type” screen select the “Root CA” option and click “Next >”
  • On the “Set Up Private Key” screen select the “Create a new private key” option and click “Next >”
  • On the “Configure Cryptography for CA” screen accept the defaults and click “Next >”
  • On the “Configure CA Name” screen select a common name and click “Next >”
  • On the “Set Validity Period” screen accept the default of 5 years and click “Next >”
  • On the “Configure Certificate Database” screen accept the default location of the database and log files and click “Next >”
  • On the “Confirm Installation Selections” screen review the settings and click “Install” to begin provisioning the CA.
  • On the “Installation Results” screen verify the components were successfully installed and click “Close”

Verify Installation

Now that the “Active Directory Certificate Services” role has been provisioned on the “DC1” domain controller we can verify it’s installed in “Server Manager”:



Active Directory Certificate Services Overview

Active Directory Certificate Services Step-by-Step Guide

Tagged with: ,
Posted in SharePoint 2013, SSL

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: