A. A certificate server provides a trusted authority to confirm a private key user’s identity. A domain normally has a hierarchy of certificate servers. An Enterprise root Certificate Authority (CA) grants itself a certificate and creates subordinate CAs. The root CA gives the subordinate CAs their certificates, but the subordinate CAs can grant certificates to users.
A domain needs an Enterprise CA to let clients request certificates, such as an Encrypting File System (EFS) recovery certificate. To install an Enterprise CA, perform the following steps.
- Start the Control Panel Add/Remove Programs applet.
- Click Add/Remove Windows Components to start the Windows Components wizard.
- Click Next when the welcome screen appears.
- When the list of components displays, select the Certificate Services checkbox and click Next.
- Then, you need to select the type. Types include the following:
Enterprise root CA
Enterprise subordinate CA
Standalone root CA
Standalone subordinate CA
Select Enterprise root CA, as the Screen shows, and click Next.
- Enter a CA name and other information about the organization, as the Screen shows. Click Next.
- Accept the default location for the certificate database (i.e., %systemroot%\System32\CertLog). Click Next.
- If Microsoft IIS is running, the service will stop and a dialog box will display. Click OK.
- A list of files to copy will generate, and the files will install. Service and system configurations will also install. You might need to insert the Windows 2000 Server CD-ROM.
- When the wizard completes, click Finish.
Click here to view image
The Microsoft Management Console (MMC) Certificate Authority snap-in will now contain a shortcut in the Administrative Tools folder.