Installing the FIM CM CA Files

Applies To: Forefront Identity Manager Certificate Management

You can install FIM CM and the CA on the same server or on separate servers. Since installing the FIM CM Server with the CA is rare, the following steps cover the situation of installing the CA separately. If you have already collocated FIM CM and the CA, you do not need to perform the steps covered in this section.


  1. FIM CM installation makes changes to the CA policy module, which requires the issuing CA certificate service to be restarted. The restart will happen automatically.

  2. The CA modules can be installed on a 32-bit Windows Server 2003 CA or on a Windows Server 2008 installation with AD CS.

  3. Ensure that the computer on which you want to install the FIM CM CA Files has the .NET 3.5 framework installed (available through Server Manager, Features).

  4. If your organization is using a Hardware Security Module (HSM), follow the HSM vendor’s installation instructions. Remember that the certificates generated using the HSM vendor’s CSP must also be backed up for disaster recovery purposes. For examples of installing specific vendor HSMs, see the following TechNet Wiki articles: Installing and Configuring an nCipher Hardware Security Module (HSM) with FIM CM 2010 and Installing and Configuring a LunaSA Hardware Security Module (HSM) with FIM CM 2010.

To install the FIM CM CA Files

  1. Log on to the computer where you want to install the FIM CM CA Files, which will allow you to configure the FIM CM Policy Module and FIM CM Exit Module.

  2. At a command prompt, run the certutil -csplist command to review the CSPs that are installed on the computer. If the appropriate CSPs are not installed, see your vendor documentation to install the appropriate CSPs on the server that hosts the FIM CM Portal.

  3. From the FIM CM installation CD, run Certificate Management.msi.

    Certificate Management.msi is located at Drive\certificate management\. Drive is the name of your CD or DVD drive.

  4. On the Welcome to the Forefront Identity Manager Certificate Management Setup Wizard page, click Next.

  5. On the End User License Agreement page, read the license terms, select the I accept the terms in the license agreement check box, and then click Next.

  6. On the Product Key page, type a valid product key, and then click Next. If you do not enter a valid product key, the installation software installs FIM CM as an evaluation copy, which you can use for 180 days.

  7. On the Custom Setup page, select CM CA Files and CM System Files.

  8. To change where you install the files, click Change, select a different location, and then click OK. The default installation path is <ProgramFiles>\Microsoft Forefront Identity Manager\2010.

  9. To prevent the FIM CM Portal and FIM CM Update Service from installing, on the Custom Setup page, in the list next to those options, click the down arrow and then click This feature will not be available.

  10. On the Custom Setup page, click Next.

  11. On the Forefront Identity Manager Certificate Management page, click Install.

  12. On the Forefront Identity Manager Certificate Management Installation Complete page, click Finish.
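A pre-installation check for the CA host, to run before step 3, covering the .NET 3.5 prerequisite, the CSP review from step 2 and the certificate service that setup restarts. This is an added example, not part of the Microsoft documentation or product. The CSP name in $RequiredCsps is a sample value, the function names are hypothetical, and Windows PowerShell is assumed to be available on the CA.

```powershell
# Added example: pre-installation check for the CA host (not Microsoft's code).
# Assumption: sample CSP name; replace with the CSPs your deployment requires.
$RequiredCsps = @('Microsoft Enhanced Cryptographic Provider v1.0')

function Get-InstalledCspNames {
    param([string[]]$CsplistOutput)
    # certutil -csplist prints a "Provider Name: <name>" line for each provider.
    foreach ($line in $CsplistOutput) {
        if ($line -match '^\s*Provider Name:\s*(.+?)\s*$') { $Matches[1] }
    }
}

function Test-DotNet35Installed {
    # The .NET Framework 3.5 setup writes Install = 1 under this key.
    $key  = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v3.5'
    $prop = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    return ($prop -ne $null -and $prop.Install -eq 1)
}

$problems = @()

if (-not (Test-DotNet35Installed)) {
    $problems += '.NET Framework 3.5 is not installed.'
}

$installed = @(Get-InstalledCspNames -CsplistOutput (certutil -csplist))
foreach ($csp in $RequiredCsps) {
    if ($installed -notcontains $csp) { $problems += "CSP not installed: $csp" }
}

# Setup restarts the issuing CA's certificate service (CertSvc), so record its
# state now and compare after installation.
$svc = Get-Service -Name CertSvc -ErrorAction SilentlyContinue
if ($svc -eq $null) {
    $problems += 'CertSvc not found: this computer does not appear to host a CA.'
} else {
    Write-Output "CertSvc status before installation: $($svc.Status)"
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Output 'Prerequisite checks passed; continue with Certificate Management.msi.'
```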


See Also


Installing and Configuring FIM CM Infrastructure