Building a CM Lab – Certificate Authority [3]

Series Post 3: adding a Certificate Authority to your lab (requires that you set up a DC first). This is completely optional for your environment.
This is a bonus: you can do everything you want in your lab without this feature. But if you’re going to do anything that needs HTTPS, having your own Certificate Authority (CA) makes it so much slicker.
Creating a CA is straightforward: you pick the role and click Next a few times. I’m adding it to my DC, as it’s an easy place to put it.















OK, so now we have set up and configured our CA. Nothing too special. Now let’s create a certificate template. In this example I’ll be creating a certificate template to be used with our Recast Management Server web server, which will basically be the same for any web server.









Now that this is done, you’ll have to add these certificate templates to “Certificate Templates” on the CA. Otherwise you might get this error:
“The requested certificate template is not supported by this CA. A valid certification authority (CA) configured to issue certificates based on this template cannot be located, or the CA does not support this operation, or the CA is not trusted.”
This drove me crazy for a bit, then I realized I forgot a step. Any templates you’ve duplicated and created that you want this CA to be able to give out, you’ll need to add here: [More Info]

Now, on the server, you can enroll and add the certificate.
In this example I’ll be enrolling the certificate on the Recast Management Server, which hosts our Recast Enterprise Server Web Service.
Currently it’s using its self-issued certificate, which causes clients to get a warning when they try to connect.








Open up IIS, choose the Recast Management Server, click Bindings, then click “Edit” and choose the cert that was issued.
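The same publish, enroll and bind steps can be scripted. This is an added PowerShell example, not part of the original post or of Recast's tooling. The template name and DNS name are placeholders, and it assumes the template takes its subject from the request, the server's computer account has Enroll permission, and the IIS site has a single HTTPS binding.

```powershell
# Added example. Placeholder values: replace with your own.
$TemplateName = 'LabWebServer'              # placeholder: short name of the duplicated template
$DnsName      = 'rms.lab.example'           # placeholder: FQDN clients use to reach the site
$SiteName     = 'Recast Management Server'  # IIS site named in the post; adjust if yours differs

# Run on the CA (the DC in this lab), elevated.
function Publish-LabTemplate {
    param([string]$Name)
    Import-Module ADCSAdministration
    # Publish the template only if this CA does not already issue it.
    # Skipping this step is what produces the "template is not supported by this CA" error.
    if (-not (Get-CATemplate | Where-Object Name -eq $Name)) {
        Add-CATemplate -Name $Name -Force
    }
    Get-CATemplate | Where-Object Name -eq $Name
}

# Run on the web server, elevated.
function Install-LabWebCert {
    param([string]$Template, [string]$Dns, [string]$Site)

    # Enroll into the machine store; fail loudly if the CA did not issue immediately.
    $req = Get-Certificate -Template $Template -DnsName $Dns `
                           -CertStoreLocation Cert:\LocalMachine\My
    if ($req.Status -ne 'Issued') { throw "Enrollment status: $($req.Status)" }
    $cert = $req.Certificate

    # Confirm the chain and host name validate for TLS before touching the binding.
    if (-not (Test-Certificate -Cert $cert -Policy SSL -DNSName $Dns)) {
        throw "Issued certificate does not validate for $Dns"
    }

    Import-Module WebAdministration
    $binding = Get-WebBinding -Name $Site -Protocol https
    if (-not $binding) { throw "No https binding found on site '$Site'" }

    # Swap out the self-issued certificate currently bound to the site.
    $binding.RemoveSslCertificate()
    $binding.AddSslCertificate($cert.Thumbprint, 'My')

    $cert | Select-Object Subject, Thumbprint, NotAfter
}

# Publish-LabTemplate -Name $TemplateName                                    # on the CA
# Install-LabWebCert -Template $TemplateName -Dns $DnsName -Site $SiteName   # on the web server
```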

So now we have a CA set up and have used it to improve the experience on our Recast Management Server. The long-term plan is to use it to enable HTTPS only on our CM Server. We’ll get to that in a future post.
Blog Post List
Series Introduction – Building a CM Lab from Scratch
- Domain Controller – Setting up your Domain Controller
- Gateway Virtual Machine – Creating a Router for your Lab using Windows Server
- Certificate Authority – On Domain Controller [Optional]
- ConfigMgr Server Pre-Reqs (Windows Features)
- Configuration Settings (AD & GPOs)
- Source Server (File Share)
- ConfigMgr SQL Install
- ConfigMgr Install
- ConfigMgr Basic Settings
- ConfigMgr Collections & App Deployment
- ConfigMgr OSD
- ConfigMgr Reporting Services