Configure the CA with Windows Server Core | Utimaco Integration Guides

After installing AD CS, the Certification Authority must be configured.

Configure CA via PowerShell, by running the command below.

›_ Console

PS> Install-AdcsCertificationAuthority –AllowAdministratorInteraction –caType EnterpriseRootCA –CryptoProviderName ECDSA_P256#HSM_KSP_NAME –KeyLength 256 –HashAlgorithmName SHA256

The cngtool utility by Utimaco can be used to get the CryptoProviderName. The command to list the Algorithms available in the provider is cngtool ListAlgos.

Example

›_ Console

PS> Install-AdcsCertificationAuthority –AllowAdministratorInteraction –caType EnterpriseRootCA –CryptoProviderName "ECDSA_P384#Utimaco CryptoServer Key Storage Provider" –KeyLength 384 –HashAlgorithm SHA384 -CACommonName Root-CA

If you are using smartcard authentication, the prompt will appear on the PIN Pad device to insert the smartcard and enter the PIN. Then, press the OK button on the PIN Pad.

When the confirmation message appears, type A and press Enter.
To verify that the CA service has started, open a command prompt and run the command below.

›_ Console

PS> sc query certsvc