Install Microsoft Certificate Service

Written by stevey on August 31st, 2011

I am in a project that requires me to use client certificate to authenticate web users who make request to using my WCF service hosted in a SSL secured website. During development phase, I just want to be able to test out the proof-of-concept, so I need to be able to self-request client certificates and grant them using localhost Certificate Authority (CA). The first step is to install the Microsoft Certificate Service on my local machine, a Windows 2003 Server. Here were the steps I went through to get this done:

  1. Went to Start->Control Panel -> Add/Remove Programs – > Add/Remove Windows Components
  2. Checked the “Certificate Services” and clicked Next
  3. CA Type: there was only two options enabled: “Stand-alone root CA” and “Stand-alone subordinate CA”.
    The two Enterprise level CA were grayed out probably due to that my machine is not an actual Domain Controller. I left the default option “Stand-alone root CA”
    alone and clicked Next
  4. CA Identity: I entered my machine name to the “Common name for this CA” box, and moved on.
  5. Next screen is “Certificate Database Settings” and just leave everything as it is (Certificate database:
    c:\windows\system32\CertLog, Certificate Database log: ibid, Shared folder: C:\CAConfig) and clicked on Next
  6. At this point, I was prompted with a Windows message “To complete the installation, certificate Services must temporarily stop the
    Internet Information Services. Do you want to stop the service now?”, answered Yes
  7. Well, then I ran into the screen that asked for Windows Service Pack 2 CD”, changed location to c:\I386 and it went through.
  8. Another Message box about enabling ASP on IIS popped up, clicked Yes, and the installation was completed successfully.
  9. To verify the CA is installed correctly, go Start->Administrative Tools ->Certificate Authority and the CA MMC should come up showing local machine as root and four folders named “Revoked Certificates”, “Issued Certificates”,”Pending Requests” and “Failed Requests”. In the next post, I will cover the steps I went through to submit Certificate requests that will be showing under the “Pending Requests” here



Leave a Comment