Install and Configure AD CS with Windows Server Core | Utimaco Integration Guides

Join the domain by running the command

›_ Console
`> netdom join $(hostname) /domain:<full_DNS_domain_name> /userd:<user_name> /passwordd:<password>`

Restart the machine after joining the domain by running the command

›_ Console
`> shutdown /r /t 0`

Enable WOW64 if you are working with 32-bit applications

Run PowerShell as admin user

Install CA binaries via PowerShell, by running the command

›_ Console
`> PS> Add-WindowsFeature ADCS-Cert-Authority --IncludeManagementTools`

Configure CA via PowerShell, by running the command

›_ Console
`PS> Install-AdcsCertificationAuthority –AllowAdministratorInteraction – caType EnterpriseRootCA –CryptoProviderName ECDSA_P256#HSM_KSP_NAME – KeyLength 256 –HashAlgorithmName SHA256`

Example

›_ Console
`PS> Install-AdcsCertificationAuthority –AllowAdministratorInteraction – caType EnterpriseRootCA –CryptoProviderName "ECDSA_P384#Utimaco CryptoServer Key Storage Provider" –KeyLength 384 –HashAlgorithm SHA384 - CACommonName Root-CA`

›_ Console

PS> Install-AdcsCertificationAuthority –AllowAdministratorInteraction –
caType EnterpriseRootCA –CryptoProviderName "ECDSA_P384#Utimaco
CryptoServer Key Storage Provider" –KeyLength 384 –HashAlgorithm SHA384 -
CACommonName Root-CA

If you are using Smartcard Authentication, the prompt will go on the PIN Pad device to insert Smartcard and enter the pin. Then press OK button on the PIN Pad.

When the confirmation message appears, type A and press Enter

To verify that the CA service has started, open a command prompt, and run the command

›_ Console
`> sc query certsvc`