Hello, I installed AD certificate services on a Windows 2008 R2 member server. IIS is installed on this machine as I like my clients to initiate certificate request through web enrollment. Installation of AD certificate services ran fine and I pretty much accepted all defaults. Please find below my queries: I understand once certificate services are installed, machine name cannot be changed. For example, say my machine name is "MB_10", but I like my CA Name to be "CertificateServer _01". Can I change the name to "CertificateServer _01" during the install process? I like to configure IIS to use https for clients to access the CA web page. Once the install was finished, I could access the web page from http://localhost/certsrv and a certificate was created on the machine. I guess I have to use this CA certificate to configure https. I tried to configure https using this certificate and have no luck. Here are the steps I followed: From IIS "Default Web Site", set the binding to use https on port 443 with the CA certificate created while installing AD ceritificate services. Drill down to CertSrv folder under "Default Web Site", SSL settings and checked Require SSL with rest accepting defaults and applied the change. Browsing to https://localhost/certsrv fails with error "Internet Explorer cannot displat the webpage". Is there any permission settings I have to do on IIS for SSL to work? Thanks in advanceTom

You can't change the CA name, if you do that you will break the CA (trusted chain)hierarchy. You have to install everything from fresh. Regards Awinish Vishwakarma MY BLOG: awinish.wordpress.com This posting is provided AS-IS with no warranties/guarantees and confers no rights.

Thanks. So does it mean to go with default name the installer pick? To be clear, I am not changing the machine name. I am not changing the CA name after installing AD ceriticate services, I am doing it during the install process. TIATom

Is it the new implementation, if yes refer the below article. http://technet.microsoft.com/en-us/library/cc772393%28WS.10%29.aspx You can also post this question in security forum to get better advice from their experts. http://social.technet.microsoft.com/Forums/en/winserversecurity/threads Regards Awinish Vishwakarma MY BLOG: awinish.wordpress.com This posting is provided AS-IS with no warranties/guarantees and confers no rights.

Thanks muchTom

Hi Tom, Your second question has been answered in your another thread: http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/371c99b6-9a48-4018-88b0-e1f39a6694b0 Regarding the first question, if you want to use a name that is different from the computer name as CA name during the CA installation process, the answer is yes. For example, if the domain name is domainname.com and the server name that you want to install CA on is servername, the default CA name in the installation wizard should be: domainname-servername-CA. You can change it to CertificateServer_01. If this does not address your concern, please feel free to let us know. Regards, Bruce Forum Support Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

I was actually got confused and thought of it as a migration of CA to another server then new implementation. Yes, CA name can be different then default. Regards Awinish Vishwakarma MY BLOG: awinish.wordpress.com This posting is provided AS-IS with no warranties/guarantees and confers no rights.

Glad to hear the information we provided was useful. If you have more questions in the future, you’re welcomed to this forum. Have a nice day! Regards, Bruce