WindowsServer2012R2

How to Install and Configure SSL Certificate on Windows Server 2012 R2

How to Install and Configure SSL Certificate

Hyper Text Transfer Protocol Secure (https) website is encrypted site. Encrypted site means that website is secured. HTTPS site is secured by using Secure Sockets Layer (SSL). SSL certificates are issued by the Certificate Authority (CA). We can check that particular website is HTTPS or not by checking a ‘green colour lock‘ and httpsin the address bar before the website name. For example, all banking websites are working on https. Some of the examples of secure websites are “https://www.google.com“, “https://www.facebook.com” and many more. In this article, we’ll learn the steps to install and configure SSL certificate server and CA.

Install and configure SSL certificate would encrypt (secure) our website so that no one can easily decode the information or data transferred by web servers to the clients. Sharing confidential information over internet is not safe that is why https is used to encrypt our data for safe transfer.

Steps to install and configure SSL Certificate on Windows Server 2012 R2.

1. To install and configure SSL certificate server, we need to install the “Active Directory Certificate Services” role.  Open “Server Manager” and click on “Add roles and features“.

HowToInstallAndConfigureCertificateServer (1)

2. Please ensure that password is set for local Administrator and valid static IP address is assigned to the Server. Click next to continue.

HowToInstallAndConfigureCertificateServer (2)

3. Select an option “Role-based or feature-based Installation” and click on next.

HowToInstallAndConfigureCertificateServer (3)

4. Select the server from the pool on which we need to install and configure SSL Certificate.

HowToInstallAndConfigureCertificateServer (4)

5. Select the role “Active Directory Certificate Services” and click on next to continue.

HowToInstallAndConfigureCertificateServer (5)

6. Certain features are required to install and configure SSL Certificate Services role, click on “Add Features” to install all the dependent features.

HowToInstallAndConfigureCertificateServer (6)

7. Click on next to continue.

HowToInstallAndConfigureCertificateServer (7)

8. From features window, you can select additional features if required, however in this practical it is not required, therefore click on next to continue.

HowToInstallAndConfigureCertificateServer (8)

9. The name and domain settings of the computer cannot be changed after a CA has been installed on the Server. Therefore make the changes before installing the role.

HowToInstallAndConfigureCertificateServer (9)

10. From the “Role Services”, select “Certificate Authority” and “Certificate Authority Web Enrollment”. Certificate authority web enrollment allows users to request new, renew, revoke certificates, etc using Web console.

HowToInstallAndConfigureCertificateServer (10)

11. Web Server (IIS) role is required for end users to request, renew, revoke certificates.

HowToInstallAndConfigureCertificateServer (11)

12. Click on next to continue.

HowToInstallAndConfigureCertificateServer (12)

13. Add roles and features wizard, would explain about the importance of “Web Server Role”.

HowToInstallAndConfigureCertificateServer (13)

14. All the components of “Web Server” role are selected by default. You can add additional features by selecting them.

HowToInstallAndConfigureCertificateServer (14)

15. Select an option “Restart the destination server automatically if required”, this would restart the server if role requires the same.

HowToInstallAndConfigureCertificateServer (17)

16. Once the installation is succeeded successfully, click on “Configure Active Directory Certificate Services on the destination server” to begin the configuration wizard.

HowToInstallAndConfigureCertificateServer (18)

17. You need to be “Enterprise Admin” to configure Certificate services. Type the credentials of “Enterprise Admin” and click next.

HowToInstallAndConfigureCertificateServer (19)

18. Select the roles that we need to configure. We installed two roles i.e. “CA” and “CAWE” and click next to continue.

HowToInstallAndConfigureCertificateServer (20)

19. For the organizations normally we select “Enterprise CA”, ensure that this computer must be the member of domain otherwise this role would not be enabled.

HowToInstallAndConfigureCertificateServer (21)

20. Select “Root CA” and click on next.

HowToInstallAndConfigureCertificateServer (22)

21. Select an option “Create a new private key”.

HowToInstallAndConfigureCertificateServer (23)

22. In “Specify the cryptographics options” window, we’ll go for the default options and click on next. Make sure that “Key length” is 2048.

HowToInstallAndConfigureCertificateServer (24)

23. Specify the name of CA, we’ll select default options.

HowToInstallAndConfigureCertificateServer (25)

24. Validity period defines the validity of certificates, by default duration is 5 years but we can change it as per your Organization’s policy.

HowToInstallAndConfigureCertificateServer (26)

25. Information of certificate database and database log location is “C:\Windows\system32\CertLog”. You can change it if required.

HowToInstallAndConfigureCertificateServer (27)

26. Click on “Configure” to begin the configuration process. Click on previous if you want any modification to be done.

HowToInstallAndConfigureCertificateServer (28)

27. Green check confirms that configuration is successful for all the roles that we installed. Click on close to close the window.

HowToInstallAndConfigureCertificateServer (29)

Hope, you are clear with the steps to install and configure SSL certificate. In the future article, we’ll learn the steps to create HTTPS website.