How To Set Up A Certificate Authority In 10 Minutes

, March 28, 2012 Having a company owned certificate authority makes managing your network devices simpler and more secure. There is nothing inherently wrong with self-signed certs, but you can do better. You can build a CA issue your first certificate in about 10 minutes. Here is how to do it.
  • E-mail

The CA we are going to build is aimed solely at IT shops that need a CA but don't want to roll out an enterprise wide CA. Having an enterprise CA tied to Windows Active Directory is quite handy and Microsoft makes it pretty easy to install and manage. If your organization doesn't have a CA or you want one that you can manage yourself, follow along. Microsoft also has extensive documentation if you want to dig in deeper.

If you want to install a CA tied to Active Directory, stop reading this and go read Microsoft's documentation. You'll thank me later.

Note that I did skip simple steps like clicking next or taking the defaults. When in doubt, just click next. What can go wrong?

On Windows Server 2003 (I don't imagine this is any different in Windows Server 2008), go to Add/Remove programs->Add/Remove Windows Components and select Certificate Services. Select a stand-alone root CA. That will give you a CA independent of Active Directory.

Network Computing encourages readers to engage in spirited, healthy debate, including taking us to task. However, Network Computing moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Network Computing further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | Please read our commenting policy.