Microsoft CA Configuration

Start Active Directory certificates services configuration.

Click Next.

Select Certification Authority and click Next.

On the Setup Type page, verify that Enterprise CA is selected, and then click Next.

On the Specify the type of the CA page, verify that Root CA is selected, and then click Next.

On the Specify the type of the private key page, verify that Create a new private key is selected, and then click Next.

On the Cryptography for CA page, keep the default settings for CSP (RSA#Microsoft Software Key Storage Provider) and hash algorithm (SHA2), and determine the best key character length for your deployment. Large key character lengths provide optimal security; however, they can impact server performance and might not be compatible with legacy applications. It is recommended that you keep the default setting of 2048. Click Next.

On the CA Name page, keep the suggested common name for the CA or change the name according to your requirements. Ensure that you are certain the CA name is compatible with your naming conventions and purposes, because you cannot change the CA name after you have installed AD CS. Click Next.

On the Validity Period page, in Specify the validity period, type the number and select a time value (Years, Months, Weeks, or Days). The default setting of five years is recommended. Click Next.

On the CA Database page, in Specify the database locations, specify the folder location for the certificate database and the certificate database log. If you specify locations other than the default locations, ensure that the folders are secured with access control lists (ACLs) that prevent unauthorized users or computers from accessing the CA database and log files. Click Next.

In Confirmation, click Configure to apply your selections, and then click Close.