Local Certificate Authority Installation For SCOM 2012 R2

The certification authority will be installed on MSS003. There are no prerequisites for this step.

Log on to MSS003 with a local administrator account. Open the Server Manager console, right-click on Roles and select Add Roles.


On the Before you begin window, click Next.


Select Role-based or feature-based installation, then click Next.


Select a server from the server pool, ensure that the server is selected, then click Next.


Select Active Directory Certificate Services.


Click Add Features.


Select Active Directory Certificate Services, then click Next.


Click Next.


Leave the introduction screen.


Select Certification Authority Web Enrollment. A pop-up appears; click Add Required Role Services.


Validate that Certification Authority and Certification Authority Web Enrollment are both selected, then click Next.


Click Next.


Leave all the selections as they are, then click Next.


Validate and then click Install.


Wait for the installation to complete.


Don’t close the window; click Configure Active Directory Certificate Services on the destination server.


Don’t change anything; click Next.


Select Certification Authority and Certification Authority Web Enrollment.


Select Standalone.


Select Root CA.


Select Create a new private key.


Leave the default parameters.


Enter a name for the Certification Authority, SCOM2k12R2-CA.


Enter a large enough validity period for the CA, 30 years.


Leave the default parameters and click Next.


Validate the configuration, then click Configure.


Wait until the configuration has finished.


Ensure that everything was configured successfully, then click Close.


Click Close.


Validate that the server is working by opening IE and browsing to http://Servername/certsrv/


By default, certificates issued by the CA are valid for 1 year. To change this, edit the ValidityPeriodUnits value under the registry key HKLM\SYSTEM\CurrentControlSet\Services\Certsvc\Configuration\SCOM-CA\ (now set to 20 years).


Restart the certsvc service by running the following commands:

net stop certsvc

net start certsvc
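
The same installation can be scripted instead of clicked through. The following is an added example, not part of the original post: it assumes an elevated PowerShell session on MSS003, and it sets ValidityPeriod to Years explicitly (an assumption; the post changes only ValidityPeriodUnits).

```powershell
# Added example: scripted equivalent of the wizard steps in this post.
$ErrorActionPreference = 'Stop'

# Role services chosen in the wizard: Certification Authority + Web Enrollment.
Install-WindowsFeature -Name ADCS-Cert-Authority, ADCS-Web-Enrollment -IncludeManagementTools

# Standalone root CA with a new private key and a 30-year CA certificate.
# Key length, hash algorithm and provider stay at their defaults, as in the post.
Install-AdcsCertificationAuthority `
    -CAType StandaloneRootCA `
    -CACommonName 'SCOM2k12R2-CA' `
    -ValidityPeriod Years `
    -ValidityPeriodUnits 30 `
    -Force

# Publishes the /certsrv enrollment pages in IIS.
Install-AdcsWebEnrollment -Force

# Lifetime of issued certificates: 1 year by default, raised to 20 years.
# "CA\" makes certutil write under the active CA's own Configuration\<CA name> key,
# so the key name does not have to be typed by hand.
certutil -setreg CA\ValidityPeriod Years
if ($LASTEXITCODE -ne 0) { throw 'Setting ValidityPeriod failed' }
certutil -setreg CA\ValidityPeriodUnits 20
if ($LASTEXITCODE -ne 0) { throw 'Setting ValidityPeriodUnits failed' }

# Equivalent to net stop certsvc / net start certsvc.
Restart-Service -Name certsvc

# Check the values the service will now use, and that Web Enrollment answers.
certutil -getreg CA\ValidityPeriod
certutil -getreg CA\ValidityPeriodUnits
$response = Invoke-WebRequest -Uri "http://$env:COMPUTERNAME/certsrv/" `
    -UseDefaultCredentials -UseBasicParsing
"certsrv HTTP status: $($response.StatusCode)"
```

The CA never issues a certificate that outlives its own CA certificate, so the 20-year setting only takes full effect while the 30-year root has at least that long left.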


