How to set up CA server on server 2012

1.      Installationenvironment

(1)   windows edition: windows server 2012 standard

(2)   System type: 64-bit Operating system, x64-basedprocessor

(3)   Processor: Intel(R) Xeon(R) CPU E5620 @2.40GHz2.39GHz

(4)   Installed memory(RAM): 8.00G

2.      installCA server

（1）     open the Server Manager->select Dashboard->clickAdd roles and features->next

（2）     select Role-based or feature-basedinstallation->next

（3）     select a server from the server pool->next

（4）     select Active Directory Services->next

（5）     select .Net Framework3.5 Features->next->next

（6）     select CertificationAuthority&&Certification Authority Web Enrollment->next

（7）     click Add features->Addfeatures->next->next

（8）     select Web server in roles services->next

（9）     click install

3.      configureCA server

（1）     click the yellow flag on the title->clickConfigure Active Directory Certificate Services

（2）     select Credentials -> next

（3）     select Certification Authority&& CertificationAuthority Web Enrollment ->next

（4）     select standalone-CA -> next

（5）     select root-CA -> next

（6）     select create new private key ->next

（7）     set the Key length->next

（8）     set CA-name ->next

（9）     set term of validity->next

（10）  setthe location of CA database ->next

（11）  selectWindows integrated authentication->next->next

（12）  clickconfigure

（13）  complete

（14）  visitthe URL “IP/certsrv/”, confirm installation success.

4.      installNDES(SECP)

the process is similar to CA server.

5.      FAQ

(1)   How to disable the challenge password?

1)     Click Start enter regedit in the search bar.

2)     Navigate to Computer > HKEY_LOCAL_MACHINE> SOFTWARE > Microsoft > Cryptography > MSCEP > EnforcePassword.

3)     Ensure that the EnforcePassword valueis set to 0 (the default value is 1).

(2)   How to set static challenge password?

1)     Ensure that the UseSingle Password valueis set to 0 (the default value is 1).

(3)   How to set the Valid date of CA Certificate?

1)   click the following registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CertSvc\Configuration\<CAName>

2)   In the right pane,double-click ValidityPeriod.

3)   In the Value data box,type one of the following, and then click OK:

4)   Days/Weeks/Months/Years

5)   In the right pane,double-click ValidityPeriodUnits.

6)   In the Value data box, type the numericvalue that you want, and then click OK. For example, type 2.

Restart CA server.