A. A certificate server provides a trusted authority to confirm a private key user’s identity. A domain normally has a hierarchy of certificate servers. An Enterprise root Certificate Authority (CA) grants itself a certificate and creates subordinate CAs. The root CA gives the subordinate CAs their certificates, but the subordinate CAs can grant certificates to users.

A domain needs an Enterprise CA to let clients request certificates, such as an Encrypting File System (EFS) recovery certificate. To install an Enterprise CA, perform the following steps.

  1. Start the Control Panel Add/Remove Programs applet.
  2. Click Add/Remove Windows Components to start the Windows Components wizard.
  3. Click Next when the welcome screen appears.
  4. When the list of components displays, select the Certificate Services checkbox and click Next.
  5. Then, you need to select the type. Types include the following:
    Enterprise root CA
    Enterprise subordinate CA
    Standalone root CA
    Standalone subordinate CA
    Select Enterprise root CA, as the Screen shows, and click Next.

  6. Click here to view image

  7. Enter a CA name and other information about the organization, as the Screen shows. Click Next.



  8. Accept the default location for the certificate database (i.e., %systemroot%\System32\CertLog). Click Next.
  9. If Microsoft IIS is running, the service will stop and a dialog box will display. Click OK.
  10. A list of files to copy will generate, and the files will install. Service and system configurations will also install. You might need to insert the Windows 2000 Server CD-ROM.
  11. When the wizard completes, click Finish.

The Microsoft Management Console (MMC) Certificate Authority snap-in will now contain a shortcut in the Administrative Tools folder.