Install an Enterprise Certificate Authority in Windows 2008 R2
based on: aaronwalrath.wordpress.com
This guide shows how to set up an enterprise certificate authority (CA) in a Windows Server 2008 R2 Active Directory domain. The configuration steps are fairly simple and straightforward. Having your own CA is useful for testing SSL and other services that require certificates without purchasing them from a third party. However, these certificates will not be automatically trusted by computers outside your AD domain, so there are some limitations.
First, start the Server Manager.
Click Add Roles under Roles Summary.
Check the Active Directory Certificate Services role and click Next.
Under Role services, check Certification Authority and Certification Authority Web Enrollment. The Web Enrollment service is useful if you choose to make requests for certificates from computers that are not members of your AD domain. If you have not yet installed all of the IIS components the Web Enrollment service needs, it will ask for prerequisites to be installed. Go ahead and accept these, then click Next.
Keep the default and use an Enterprise CA, then click Next.
This is my first and only CA, so I’ll choose Root CA and click Next.
This is a new CA without existing keys, so select Create a new private key and click Next.
Keep the default CSP, hashing method, and key length and click Next.
Keep the defaults and click Next.
Accept the default database locations and click Next. Then at the confirmation screen click Install. Done!
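After the wizard finishes, it is worth confirming what the accepted defaults actually produced. The following PowerShell script is an added example, not part of the original article: it reads the active CA's settings from the registry, exports the CA certificate with certutil, and flags a SHA-1 or MD5 signature, an RSA key under 2048 bits, or a certificate that is not self-signed. The thresholds and the temporary file name are assumptions of this example.

```powershell
# Added example: post-install check for the CA built with the wizard steps above.
# Run from an elevated PowerShell 2.0+ session on the CA server.
# The SHA-1/MD5 and 2048-bit thresholds are this example's assumptions.
$ErrorActionPreference = 'Stop'
$cfgRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'

# "Active" names the CA that Certificate Services is currently running.
$caName = (Get-ItemProperty -Path $cfgRoot).Active
if (-not $caName) { throw 'No active CA found; has the AD CS role been configured?' }

# CSP chosen on the cryptography page of the wizard (reported, not judged).
$csp = Get-ItemProperty -LiteralPath "$cfgRoot\$caName\CSP"

# Export the CA certificate so the checks run on what was actually issued.
$tmp = Join-Path $env:TEMP 'ca-check.cer'
& certutil.exe -f -ca.cert $tmp | Out-Null
if ($LASTEXITCODE -ne 0) { throw "certutil -ca.cert failed (exit code $LASTEXITCODE)" }
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $tmp
Remove-Item -LiteralPath $tmp

# Key size is only read for RSA keys; other key types are reported by name.
$keyAlg  = $cert.PublicKey.Oid.FriendlyName
$keyBits = $null
if ($cert.PublicKey.Oid.Value -eq '1.2.840.113549.1.1.1') {
    $keyBits = $cert.PublicKey.Key.KeySize
}

$findings = @()
$sigAlg = $cert.SignatureAlgorithm.FriendlyName
if ($sigAlg -match 'sha1|md5') {
    $findings += "CA certificate is signed with $sigAlg"
}
if ($keyBits -and $keyBits -lt 2048) {
    $findings += "RSA key is only $keyBits bits"
}
if ($cert.Subject -ne $cert.Issuer) {
    $findings += 'Subject and issuer differ: this is not a self-signed root CA'
}

New-Object PSObject -Property @{
    CAName = $caName;  Provider = $csp.Provider;  SignatureAlgorithm = $sigAlg
    KeyAlgorithm = $keyAlg;  KeyBits = $keyBits;  NotAfter = $cert.NotAfter
    Findings = $findings -join '; '
} | Format-List
```

An empty Findings field means none of the three checks fired; NotAfter shows when the root certificate itself expires.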