Generating a Root Certificate

Installing Certificate Services on a Windows 2000 server is a simple matter of selecting it for installation from the Configure Your Server utility. Before installing Certificate Services, you need to decide whether your server will be running as an Active Directory server. Active Directory has to be installed before Certificate Services if you are going to run both on the same machine. If you have installed Active Directory on the server, you have the option of configuring Certificate Services as an Enterprise Certificate Authority. If Active Directory is not running on the server, Certificate Services is limited to running as a standalone CA.

After Certificate Services is installed, you'll be taken through the process of generating the CA certificate. You'll be presented with the Certificate Services Setup Wizard, which will ask you which type of Certificate Authority you want to set up, as shown in Figure 15.3. The options are listed in Table 15.1.

Figure 15.3. Choosing the Certificate Authority type.


Table 15.1. Possible Certificate Authority Types
Type | Description
Enterprise Root CA | This CA is intended to be the CA for an organization. This CA can issue certificates for use with Active Directory and the Kerberos authentication protocol. This CA has a self-issued certificate and there is no CA above this one.
Enterprise Subordinate CA | This CA is intended to be a CA within an organization. This CA can issue certificates for use with Active Directory and the Kerberos authentication protocol. The certificate for this CA has to be requested and issued by another CA.
Stand-alone Root CA | This CA is intended as a general purpose CA. This CA has a self-issued certificate and there is no CA above this one.
Stand-alone Subordinate CA | This CA is intended as a general purpose CA. The certificate for this CA has to be requested and issued by another CA.

The next step in the process is filling in all the information for the Certificate Authority's certificate, as shown in Figure 15.4. This information includes the name for the Certificate Authority, the corporation or organization name, the name of the unit within the organization, the location, the email address, and a description of the CA.

Figure 15.4. Providing the information for the CA certificate.


The third step of the Certificate Services Setup process is specifying the location of the certificate database and log, as shown in Figure 15.5.

Figure 15.5. Specifying the location of the certificate database.


When you finish the Certificate Services Setup Wizard, if you are creating a root CA, your CA will be up and running. If you are creating a subordinate CA, you'll end up with a certificate request that you will need to submit to another CA to have a certificate issued. After the certificate is issued, you'll import it into Certificate Services.
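
The root/subordinate distinction in Table 15.1 can be checked on the CA certificates a machine already holds: a root CA certificate is self-issued, while a subordinate CA certificate has at least one CA above it. The following is an added example, not part of the original text or of Certificate Services. It assumes a current Windows system with PowerShell (not available on Windows 2000 itself), and the function name Get-CaRole is hypothetical.

```powershell
# Added example: classify CA certificates as root (self-issued) or subordinate.
function Get-CaRole {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )

    # basicConstraints states whether the certificate may act as a CA at all.
    $bc = $Certificate.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] } |
        Select-Object -First 1

    # Self-issued: the encoded issuer name is byte-identical to the subject name.
    $subject    = [Convert]::ToBase64String($Certificate.SubjectName.RawData)
    $issuer     = [Convert]::ToBase64String($Certificate.IssuerName.RawData)
    $selfIssued = ($subject -ceq $issuer)

    if ($bc -and -not $bc.CertificateAuthority) { $role = 'Not a CA' }
    elseif ($selfIssued -and $bc)               { $role = 'Root CA' }
    elseif ($selfIssued)                        { $role = 'Root CA (no basicConstraints)' }
    elseif ($bc)                                { $role = 'Subordinate CA' }
    else                                        { $role = 'Unknown (no basicConstraints)' }

    # Build the chain to count the CAs above this certificate.
    # Revocation checking is disabled so the check does not depend on CRL access.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $valid = $chain.Build($Certificate)
    $top   = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

    [pscustomobject]@{
        Subject    = $Certificate.Subject
        Role       = $role
        CAsAbove   = $chain.ChainElements.Count - 1   # 0 for a root CA
        ChainTop   = $top.Subject
        ChainValid = $valid
        NotAfter   = $Certificate.NotAfter
    }
}

# Trusted Root and Intermediate Certification Authorities stores of the local machine.
Get-ChildItem Cert:\LocalMachine\Root, Cert:\LocalMachine\CA |
    ForEach-Object { Get-CaRole -Certificate $_ } |
    Sort-Object Role, Subject |
    Format-Table -AutoSize
```

A certificate reported as a subordinate CA with ChainValid set to False usually means the issuing CA's certificate is missing from the stores or is not trusted.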
