Add the ADCS Role

  1. Click the Server Manager icon next to the Start button to open the Server Manager window.
  2. Click Roles in the left pane.
  3. Click Add Role in the right pane. An Add Roles Wizard window displays.

  4. Under Server Roles, select the Active Directory Certificate Services checkbox.

  5. Click Next.

  6. Select the Certification Authority checkbox and then select Next.

  7. Select Enterprise and then select Next.

  8. Select Root CA and then select Next.

Define CA Private Key Settings

  1. Select Create a new private key and then select Next.

  2. Select your preferred Key character length (for example 4096).

  3. Select your preferred algorithm (for example SHA256) from the Select the hash algorithm for signing certificates issued by the CA and then select Next.

  4. Click Common name for this CA and enter the name of the CA or use the default CA displayed and then select Next.

    Make note of the name of the CA server. You will need to enter this information in Workspace ONE UEM when setting up access to the CA.

  5. Select the desired length of time under Set the validity period for the certificate generated for this CA and then select Next.

    The length of time you select is the validity period for the CA ‒not the certificate, however, when the validity for the CA expires, so does the certificate.

Configure the ADCS Certificate Database

  1. Click Next to accept the default information in the Configure Certificate Database screen.

  2. Click Next to accept the Confirm Installation Selections screen.

  3. Click Install. The installation begins. After the installation completes, the Installation Results window displays.

  4. Click Close.