Install Microsoft Certificate Services in Enterprise CA Mode
Microsoft Certificate Services will be installed in Enterprise CA mode on the domain controller. There are several advantages to installing the CA in enterprise mode versus standalone mode. These include:
•The root CA certificate is automatically entered into the Trusted Root Certification Authorities certificate store on all domain member machines
•You can use the Certificates MMC
•All machines can be assigned certificates using the Active Directory autoenrollment feature
•All domain users can be assigned user certificates using the Active Directory autoenrollment feature
Note that you do not need to install the CA in enterprise mode. You can install the CA in standalone mode, but we will not cover the procedures involved with installing the CA in standalone mode or how to obtain a certificate from a standalone CA in this ISA Server 2004 Configuration Guide series.
Perform the following steps to install the Enterprise CA on the EXCHANGE2003BE domain controller computer:
1.Click Start, then point to Control Panel. Click on Add or Remove Programs.
2.In the Add or Remove Programs window, click the Add/Remove Windows Components button on the left side of the window.
3.On the Windows Components page, scroll through the list and put a checkmark in the Certificate Services checkbox. Click Yes in the Microsoft Certificate Services dialog box informing you that you may not change the name of the machine or the machine’s domain membership while it is acting as a CA. Click Yes to continue.
4.Click Next on the Windows Components page.
5.On the CA Type page, select the Enterprise root CA option and click Next.
ISA Server 2004 Configuration Guide | 18 |