ISA Server 2004 Configuration Guide 18
Install Microsoft Certificate Services in Enterprise CA
Mode
Microsoft Certificate Services will be installed in Enterprise CA mode on the domain
controller. There are several advantages to installing the CA in enterprise mode versus
standalone mode. These include:
• The root CA certificate is automatically entered into the Trusted Root Certification
Authorities certificate store on all domain member machines
• You can use the Certificates MMC snap-in to easily request a certificate. This greatly
simplifies requesting machine and Web site certificates
• All machines can be assigned certificates using the Active Directory autoenrollment
feature
• All domain users can be assigned user certificates using the Active Directory
autoenrollment feature
Note that you do not need to install the CA in enterprise mode. You can install the CA in
standalone mode, but we will not cover the procedures involved with installing the CA in
standalone mode or how to obtain a certificate from a standalone CA in this ISA Server 2004
Configuration Guide series.
Perform the following steps to install the Enterprise CA on the EXCHANGE2003BE domain
controller computer:
1. Click Start, then point to Control Panel. Click on Add or Remove Programs.
2. In the Add or Remove Programs window, click the Add/Remove Windows
Components button on the left side of the window.
3. On the Windows Components page, scroll through the list and put a checkmark in the
Certificate Services checkbox. Click Yes in the Microsoft Certificate Services dialog
box informing you that you may not change the name of the machine or the machine’s
domain membership while it is acting as a CA. Click Yes to continue.
4. Click Next on the Windows Components page.
5. On the CA Type page, select the Enterprise root CA option and click Next.
