Windows 2008 CA Setup

Posted on 2011-10-18
Last Modified: 2012-05-12
Here is my situation. My boss wants us to move towards two factor authentication for laptop users who use VPN to access the network. Currently, we have a Sonicwall SSL-VPN 2000 appliance which provides our VPN access. Our plan is to set up a simple Windows CA server and use smart cards which will authenticate with this CA and allow VPN access. Last week, I installed the CA role on a VM which is running Windows 2008 R2 SP1. However, I am having quite a time setting up the CA since this is my first rodeo dealing with certificates and CAs.

First question is where would I find the server.crt. I thought my public and private key pairs were created during the creation of the CA role, but I cannot find these keys or certificates. Secondly, what is the best way to set up a Windows CA? If I need to, I will uninstall the current CA role and start over.

Your thoughts and answers are appreciated. Thanks.
Question by:thef284
    LVL 15

    Accepted Solution

    On your CA if you go to http(s):\\localhost\certsrv you will be able to download a CA certificate, certificate chain, or CRL if that is what you mean by server.crt.

    If you're looking for best Practice recommendation: 2-tier CA hierarchy, take a look at this link here:

    LVL 26

    Assisted Solution


    On the CA servers, mmc --> certificates --> local sever --> Personal
    You should see some certificates related to that CA

    On the same certificates consoles --> other can find the root-certs for this CA.

    Just uninstalling the "AD integrated CA" server is not sufficient
    You need to clean-up the AD to remove the old stuffs @ the AD to get a cleaner setup.

    Related Links:
    How to decommission a Windows enterprise certification authority and how to remove all related objects from Windows Server 2003 and from Windows Server 2000

    How to remove manually Enterprise Windows Certificate Authority from Windows 2000/2003 Domain

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    What Is Threat Intelligence?

    Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

    #SSL #TLS #Citrix #HTTPS #PKI #Compliance #Certificate #Encryption #StoreFront #Web Interface #Citrix XenApp
    When the confidentiality and security of your data is a must, trust the highly encrypted cloud fax portfolio used by 12 million businesses worldwide, including nearly half of the Fortune 500.
    This tutorial will give a short introduction and overview of Backup Exec 2014 and the additional features that have been added over its predecessor Backup Exec 2012. As with Backup Exec 2012, the Backup Exec button in the upper left corner. From her…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    10 Experts available now in Live!

    Get 1:1 Help Now