- add role using Domain Admin account
– click “next”
– click “next”
choose first three options and approve dependencies(picture above).
– click “next”
choose “Enterprise”
– click “next”
choose “Subordinate” – 1 Level
– click “next”
create private key for this CA
do not enable “Use stron private…..this is only good in Root CA
– click “next”
Type more official name in “Common name”
– click “next”
choose method for sending certificate request(in AD the best method is first one(like on picture)
– click “name”
default location for database is sufficient in most cases however you can change it if you wish
– click “next”
– click “next”
besides defaults role services I added IP and Domain restrictions for future purposes
– click “next”
– click “Install” to start installation
– click “close” to finish installation.
- check your Sub CA console
Â
- disable Root CA for security reason.
dzbanek 2013-01-04