Install a NAP CA

  • Article

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

The NAP certification authority (CA) can be a standalone or enterprise CA. Configuration differs slightly for each. In its recommended configuration, the NAP CA is a dedicated standalone subordinate CA.

Note

If you choose to install an enterprise NAP CA, the computer must be a domain member and it must be running Windows Server 2008 Enterprise or Windows Server 2008 R2 Enterprise. If the NAP CA is a workgroup computer or is running Windows Server 2008 Standard or Windows Server 2008 R2 Standard, it must be a standalone CA.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).

Install a NAP CA

Use the following procedures to install a standalone or an enterprise NAP CA on a computer running Windows ServerĀ® 2008 or Windows Server 2008 R2. You can also install a NAP CA on a computer running Windows Server 2003.

To install a standalone NAP CA

  1. In Server Manager, under Roles Summary, click Add Roles, and then click Next.

  2. On the Select Server Roles page, select the Active Directory Certificate Services check box, and then click Next twice.

  3. In the Select Role Services page, confirm that Certification Authority is selected, and then click Next.

  4. On the Specify Setup Type page, choose Standalone, and then click Next.

  5. On the Set Up Private Key page, choose Create a new private key, and then click Next twice.

  6. On the Configure CA Name page, accept the default CA name or, if you prefer, under Common name for this CA, type a name for the CA, and then click Next.

  7. On the Request Certificate from a Parent CA page, choose Send a certificate request to a parent CA, and then click Browse.

  8. Click the name of the root CA for your NAP CA infrastructure, click OK, and then click Next twice.

  9. On the Confirm Installation Selections page, click Install.

  10. On the Installation Results page, verify that the installation was successful, and then click Close.

To install an enterprise NAP CA

  1. In Server Manager, under Roles Summary, click Add Roles, and then click Next.

  2. On the Select Server Roles page, select the Active Directory Certificate Services check box, and then click Next twice.

  3. In the Select Role Services page, confirm that Certification Authority is selected, and then click Next.

  4. On the Specify Setup Type page, choose Enterprise, and then click Next.

  5. On the Specify CA Type page, choose Subordinate CA, and then click Next.

Note

A root CA can be used to issue NAP health certificates, but in its recommended configuration, a NAP CA is a subordinate CA.

  1. On the Set Up Private Key page, choose Create a new private key, and then click Next twice.

  2. On the Configure CA Name page, accept the default CA name or, if you prefer, under Common name for this CA, type a name for the CA, and then click Next.

  3. On the Request Certificate from a Parent CA page, choose Send a certificate request to a parent CA, and then click Browse.

  4. Click the name of the root CA for your NAP CA infrastructure, click OK, and then click Next twice.

  5. On the Confirm Installation Selections page, click Install.

  6. On the Installation Results page, verify that the installation was successful, and then click Close.

See Also

Concepts

Checklist: Deploy an HRA Server
Configure an HRA Server for NAP
Planning the Placement of a NAP CA Server