Installing Microsoft Root Certification Authority for CUCM Certificate Signing

 

 

Applies To: Windows Server 2008 R2

 

 

Certificates are used between end points to build a trust/authentication and encryption of data. This confirms that the endpoints communicate with the intended device and have the option to encrypt the data between the two endpoints.

 

When your system trusts a certificate, this means that there is a pre-installed certificate(s) on your system which states it is 100 percent confident that it shares information with the correct end point. Otherwise, it terminates the communication between these end points.

 

Without certificates, it is impossible to know if a rogue DNS server was used, or if you were routed to another server. Certificates ensure that you are properly and securely routed to the intended website, such as your bank website, where the personal or sensitive information you enter is secure.

 

 

 

A non-technical example of this is your driver's license. You use this license (server/service certificate) to prove that you are who you say you are; you obtained your license from your local Division of Motor Vehicles branch (intermediate certificate) who has been given permission by the Division of Motor Vehicles (DMV) of your State (Certificate Authority).

 

When you need to show your license (server/service certificate) to an officer, the officer knows they can trust the DMV branch (intermediate certificate) and the Division of Motor Vehicles (Certificate authority), and they can verify that this license was issued by them (Certificate Authority).

 

Your identity is verified to the officer and now they trust that you are who you say you are. Otherwise, if you give a false license (server/service certificate) that was not signed by the DMV (intermediate certificate), then they will not trust who you say you are.

 

 

 

 

The remainder of this document provides an in-depth, technical details on installation of a Microsoft Certificate Authority to sign certificate for CUCM etc. 

 

 

 

To install a root CA

 

 

1.   Open Server Manager, click Add Roles, click Next,and click Active Directory Certificate Services. Click Next two times.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

2.    On the Select Role Services page, click Certification Authority. Click Next.

 

 

 

 

 

 

 

3.    On the Specify Setup Type page, click Standalone or Enterprise. Click Next.

 

 

 

 

 

 

 

 

 

 

4.    On the Specify CA Type page, click Root CA. Click Next.

 

 

 

 

 

 

 

 

 

5.    On the Set Up Private Key page, click Create a new private key. Click Next.

 

 

 

 

 

 

 

 

6.    On the Configure Cryptography page, select a cryptographic service provider, key length, and hash algorithm. Click Next.

 

 

 

 

 

 

 

 

 

7.   On the Configure CA Name page, create a unique name to identify the CA. Click Next.

 

 

 

 

 

 

 

 

 

 

8.   On the Set Validity Period page, specify the number of years or months that the root CA certificate will be valid. Click Next.

 

 

 

 

 

 

 

 

 

9.   On the Configure Certificate Database page, accept the default locations unless you want to specify a custom location for the certificate database and certificate database log. Click Next.

 

 

 

 

 

 

 

 

 

10.   On the Confirm Installation Options page, review all of the configuration settings that you have selected. If you want to accept all of these options, click Install and wait until the setup process has finished.