Appendix A. Creating a Domain Certificate Authority
The domain certificate authority should be separate from the XenDesktop servers and should be running on Windows Server 2008 R2 SP2 or Windows Server 2012 R2. In our example in Chapter 2, Installing XenDesktop®, we used the Active Directory domain controller running on Windows Server 2012 R2 in our lab.
The steps to create a domain certificate authority are as follows:
Log in to your system, and from the Start menu, navigate to Administrative Tools | Server Manager as shown in the following screenshot:
Navigate to Roles | Add Roles.
Select Active Directory Certificate Services and click on Next, as shown in the following screenshot:
Select Certification Authority and Certification Authority Web Enrollment and then click on Next. Select Add Required Role Services and click on Next.
Select Enterprise and then click on Next.
Select Root CA and click on Next.
Note
An enterprise root CA is a top-level CA in a certification hierarchy and requires the Active Directory domain service. It self-signs its own CA certificate and uses Group Policy to publish this certificate to the Trusted Root Certification Authorities store of all the servers and workstations in the domain.
Choose Create a new private key and click on Next.
Select Set Fully Qualified Domain Name and click on Next.
Next, select Set validity period and click on Next.
Then, choose Install additional Role services for IIS and click on Next.
Select Install.
Tip
You can see a demo of the aforementioned steps by following the video tip at http://www.citrix.com/tv/#videos/7971.
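The wizard steps above can also be scripted on Windows Server 2012 R2. The following PowerShell is an added example, not part of the original appendix. The CA common name, key length, hash algorithm, and validity period are lab assumptions, because the text does not state the values chosen in the wizard.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the wizard steps on Windows Server 2012 R2.
# Run as a member of Enterprise Admins, which installing an enterprise CA requires.

# Every value below is an assumption for a lab; the appendix does not give them.
$ca = @{
    CAType              = 'EnterpriseRootCA'   # wizard: "Enterprise", then "Root CA"
    CACommonName        = 'LAB-ROOT-CA'        # hypothetical CA name
    CryptoProviderName  = 'RSA#Microsoft Software Key Storage Provider'
    KeyLength           = 2048
    HashAlgorithmName   = 'SHA256'
    ValidityPeriod      = 'Years'
    ValidityPeriodUnits = 5
}

# Wizard: select the Active Directory Certificate Services role and the
# Certification Authority and Web Enrollment role services.
Install-WindowsFeature -Name ADCS-Cert-Authority, ADCS-Web-Enrollment -IncludeManagementTools

# Wizard: CA type, new private key, CA name, validity period.
# A new key pair is generated because no existing key or certificate is supplied.
Install-AdcsCertificationAuthority @ca -Force

# Wizard: Certification Authority Web Enrollment configuration.
Install-AdcsWebEnrollment -Force

# Check 1: the CA service answers requests.
certutil -ping

# Check 2: the CA certificate is in the local Trusted Root store and is
# self-signed (Subject equals Issuer), as expected for a root CA.
$root = Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -like "CN=$($ca.CACommonName)*" }

if (-not $root) {
    Write-Warning "CA certificate for $($ca.CACommonName) not found in Cert:\LocalMachine\Root"
} else {
    $root | Format-List Subject, Thumbprint, NotAfter,
        @{ Name = 'SelfSigned'; Expression = { $_.Subject -eq $_.Issuer } }
}
```

To confirm that the certificate has been published to domain members, run `gpupdate /force` on a member server and repeat the second check there.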
Note
The preceding steps are detailed for you so that you can get your lab up and running quickly. Designing, building, and supporting a CA in production is a big undertaking. The following are some links to help you get started: