The Certification Authority snap-in can be used to administer a certification authority (CA) on this computer or on another computer. The snap-in is installed automatically on a computer that has a CA installed. Otherwise, you must first install the Active Directory Certificate Services (AD CS) Remote Server Administration Tools.
You must be a CA administrator to complete this procedure. For more information, see Implement Role-Based Administration.
To administer a CA on this computer |
-
If this is the first time you are using the Certification Authority snap-in on this computer, click Start, click Run, type mmc, and then press ENTER.
-
On the File menu, click Add/Remove Snap-in.
-
Add the Certification Authority snap-in to the list on the right.
-
Select the computer hosting the CA that you want to administer, and then click OK.
You can also use an existing instance of the Certification Authority snap-in to switch from administering one CA to administering another CA.
You must be a CA administrator on the remote CA to complete this procedure. For more information, see Implement Role-Based Administration.
To administer a CA on another computer |
-
Open the Certification Authority snap-in.
-
On the Action menu, click Retarget Certification Authority.
-
Click Another computer, and type the name of the computer.
You can also customize the Certification Authority snap-in by using display filters. With filters, you can restrict the items displayed in the details pane of the Certification Authority snap-in to items that meet a set of criteria you establish. For example, you can create a filter that will display in the Issued Certificates folder only those certificates that were effective after a specific date.
You do not need to be a CA administrator, but you must have permissions to perform administration tasks on the CA to complete this procedure. For more information, see Implement Role-Based Administration.
To set display filters for the Certification Authority snap-in |
-
Open the Certification Authority snap-in.
-
Click any of the displayed folders except Certificate templates.
-
On the View menu, click Filter.
-
For each of the selection criteria:
- Click Add.
- In Field, click the field on which to
filter.
- In Operation, click the operation to
qualify the filter value for this field.
- In Value, type the qualification
value.
- Click Add.
-
To remove a filter, select it in the Filter dialog box, and then click Remove.
-
To remove all existing filters, in the Filter dialog box, click Reset.
The Remote Server Administration Tools can be installed on a computer running Windows Server 2008 R2 or Windows Server 2008 by using the Add Features Wizard.
You must be an administrator on the server to complete this procedure. For more information, see Implement Role-Based Administration.
To install the AD CS Remote Server Administration Tools |
-
Open Server Manager.
-
Under Features Summary, click Add Features to start the Add Features Wizard.
-
On the Select Features page, click the plus sign to the left of the Remote Server Administration Tools check box, and then click the plus sign to the left of the Role Administration Tools check box.
-
Select the Active Directory Certificate Services check box, click Next, and then click Install.
-
When installation is complete, click Close.
To perform remote administration tasks from a computer running Windows Vista, you can obtain the Remote Server Administration Tools Pack from the Microsoft Download Center (http://go.microsoft.com/fwlink/?LinkId=89361).