• add role using Domain Admin account

w2k8-pki-install-1.png

– click “next”

w2k8-pki-install-2.png

– click “next”

w2k8-pki-install-15.png

choose first three options and approve dependencies(picture above).

w2k8-pki-install-16.png

– click “next”

w2k8-pki-install-4.png

choose “Enterprise”

– click “next”

w2k8-pki-install-17.png

choose “Subordinate” – 1 Level

– click “next”

w2k8-pki-install-7.png

create private key for this CA

w2k8-pki-install-18.png

do not enable “Use stron private…..this is only good in Root CA

– click “next”

w2k8-pki-install-19.png

Type more official name in “Common name”

– click “next”

w2k8-pki-install-20.png

choose method for sending certificate request(in AD the best method is first one(like on picture)

– click “name”

w2k8-pki-install-11.png

default location for database is sufficient in most cases however you can change it if you wish

– click “next”

w2k8-pki-install-21.png

– click “next”

w2k8-pki-install-22.png

besides defaults role services I added IP and Domain restrictions for future purposes

– click “next”

w2k8-pki-install-23.png

– click “Install” to start installation

w2k8-pki-install-24.png

 

w2k8-pki-install-25.png

 

– click “close” to finish installation.

  •  check your Sub CA console

w2k8-pki-install-26.png

w2k8-pki-install-27.pngÂ

  • disable Root CA for security reason.

  dzbanek 2013-01-04