How to install Active Directory Certificate Services for a Vista VPN

Encryption is an important part of VPN communications and it's the certificate server's job to provide the VPN server with a certificate that it can use to encrypt VPN sessions. In this step in the process of setting up a Vista VPN,

    Requires Free Membership to View

    Login

we configure the infrastructure server to take on the role of a certificate server. If this were a real deployment, you would typically install this role on a separate server.

To install the Active Directory Certificate Services, follow these steps:

  1. Log on as Administrator.
  2. Open the Server Manager.
    Vista VPN setup guide, part 2
    Learn how to configure Windows Vista workstations in part 2 of our Vista VPN setup guide.
  3. Click the Roles link.
  4. Click the Add Roles link.
  5. When the Add Roles Wizard launches, click Next to bypass the Welcome screen.
  6. Select the Active Directory Certificate Services check box and click Next.
  7. Click Next when you see the informational screen.
  8. On the following screen, choose the Certificate Authority and the Certificate Authority Web Enrollment check boxes and click Next.
  9. When Windows tells you that you must install IIS, click the Add Required Role Services button.
  10. Click Next.
  11. Verify that the Enterprise option is selected and click Next.
  12. Verify that the Root CA option is selected and click Next.
  13. Choose the option to create a new private key and click Next.
  14. When the wizard displays the Configure Cryptography for CA screen, click Next to accept the defaults.
  15. Set the Common Name to ContosoCA and click Next.
  16. Click Next to accept the default validity period of five years.
  17. Click Next to accept the default certificate database path.
  18. Click Next on the Introduction to Web Server (IIS) screen.
  19. Click Next to accept the default role services.
  20. Double-check the information shown on the confirmation screen and click the Install button.
  21. When the installation process completes, click Close.
  22. Reboot the server.

Vista VPN setup guide, part 1

  Introduction
  Set up a domain controller
  Install DHCP services
  Install Active Directory Certificate Services
  Install IIS
  Request a machine certificate
 Install the Routing and Remote Access Service role
 Configure the VPN server
  Publish the Certificate Revocation List
  Make the CRL accessible

Brien Posey
About the author
Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. Brien has served as the CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal Web site at http://www.brienposey.com.

This was first published in May 2008

Back to top