Set Up Certification Authority Web Enrollment Support

Applies To: Windows Server 2008

Active Directory Certificate Services (AD CS) Web enrollment support can be installed on any computer running Windows Server® 2008 Standard, Windows Server 2008 Enterprise, or Windows Server 2008 Datacenter. The certificate enrollment data can come from a certification authority (CA) on a computer running Windows Server 2008, a CA on a computer running Windows Server 2003, or from a non-Microsoft CA.

The following procedure can be used if none of the AD CS role services (such as a CA) have been installed on this computer.

Membership in Domain Admins, or equivalent, is the minimum required to complete this procedure. For more information, see Implement Role-Based Administration.

To install Web enrollment support

  1. Click Start, point to Administrative Tools,and then click Server Manager.

  2. Click Manage Roles. Under Active Directory Certificate Services, click Add role services. If a different AD CS role service has already been installed on this computer, select the Active Directory Certificate Services check box in the Role Summary pane, and then click Add role services.

  3. On the Select Role Services page, select the Certification AuthorityWeb Enrollment Support check box.

  4. Click Add required role services, and thenclick Next.

  5. On the Specify CA page, if a CA is not installed on this computer, click Browse to select the CA that you want to associate with Web enrollment, click OK, and then Next.

  6. Click Next, review the information listed, and click Next again.

  7. On the Confirm Installation Options page, click Install.

  8. When the installation is complete, review the status page to verify that the installation was successful.

Additional considerations

  • Installation of the Web enrollment pages configures the computer as a registration authority. This computer is also known as a "CA Web proxy" or a "Web enrollment station."

Additional references