Establishing a Root CA

Installing Certificate Services

From the control panel, run Add/Remove Programs – Windows Components and select certificate services. You will need to acknowledge the message that the configuration of the computer cannot be change following the installation of certificate services. Select a Stand Alone Root CA and click next. You will then have to enter a name for your CA. A name such as cn=yourcompanyRootCA is usually sufficient. You will be required to select a storage point for the certificate database and log files. Because the storage requirements of an offline root CA are minimal, a single fault tolerant disk system such as a Raid 5 or mirrored volume will suffice. This will complete the installation of certificate services and generate the root certificate. You can view the root certificate by right clicking on your CA in the certificate services console, and clicking on the view certificate button on the “general” tab.