Part one can be found here.

Add the role












Configure Active Directory/Certificate Authority












Navigate to the C:\ drive and locate the signing request.

Verify that the certificate service was installed.

Configure the Root CA – Edit the CRL on the root CA.
Right-click on the root CA > click properties > click the extensions tab > click add


Edit the CRL Distribution Point

Edit the Authority Information Access (AIA) section


Extend the revoked certificate properties > Extend the CRL publication interval.
Right-click on the “revoked certificates.” > properties

Publish the changes


The cert files can be found here…

Copy the cert request from the intermediate CA to the Root CA.
Map a network share


Note: Copy the following files from the Root CA to the intermediate CA file path.
From the root CA.

To the intermediate CA

Go to the root CA
Right-click on the root certificate


The submitted file can be found under the “pending requests” certificate folder and must be manually approved.

Right-click on the “pending requests” folder

The issued certificate will be moved to the “issued certificates” folder



Export the Certificate
Open the certificate


Export the desired formats.





Two files were extracted and saved

Log into the intermediate CA and Install the Certificate
Go to the certificate authority
Right-click on the CA


The certificate will be installed. Start the service.


