# Create a CA

1. Open the "Server Manager" and click on "Manage" and select "Add roles and Features".

<div align="left"><img src="https://1033393870-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPqGbN7FCY7Xh4OkOtvin%2Fuploads%2FHube7CO9eIZfRP7X5U2v%2Fimage.png?alt=media&#x26;token=c5f386ef-2aa7-4182-8355-044572c1861d" alt=""></div>

2\. In the step "Installation type" select the default "Role-based or feature-based installation" and click "Next". Then in "Server Selection" click next.

3\. In the step "Server Roles" select "Active Directory Certificate Services" and click "Add Features".

<div align="left"><img src="https://1033393870-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPqGbN7FCY7Xh4OkOtvin%2Fuploads%2FACPF3yINjLTj5jSrtGFE%2Fimage.png?alt=media&#x26;token=68fefde5-cb00-4a00-b07f-d3e591f749ee" alt=""></div>

4\. Click next till the step "Role Services" and select "Certificate authority" and "Certificate Authority Web Enrollment" and select "Add Features".

![](https://1033393870-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPqGbN7FCY7Xh4OkOtvin%2Fuploads%2F8lBLYes67iOf4EMBexnD%2Fimage.png?alt=media\&token=76fbfdb2-5847-435f-8f04-cd16e53a7889)

5\. Click "Next" and finish the installation.

![](https://1033393870-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPqGbN7FCY7Xh4OkOtvin%2Fuploads%2FwE37Ev26oRF4LRDLj912%2Fimage.png?alt=media\&token=e5d0907d-94f7-419c-8273-64bf813508ff)

6\. Click on the "Flag" in the "Server Manager" it should have an exclamation mark and click the "Configure Active Directory Certificate Services on the...."

<div align="left"><img src="https://1033393870-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPqGbN7FCY7Xh4OkOtvin%2Fuploads%2FCHx7KP5nRTjFvZM4NAZT%2Fimage.png?alt=media&#x26;token=f774eff3-34a2-462d-aab2-f9c2b33277d7" alt=""></div>

<div align="left"><img src="https://1033393870-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPqGbN7FCY7Xh4OkOtvin%2Fuploads%2F264ZJEW2gMqflnhbs5is%2Fimage.png?alt=media&#x26;token=82f8d6aa-8c56-4192-849c-21f41c34628c" alt=""></div>

7\. In the step "Credentials" fill in the credentials for the `bank\Administrator` user. The password should be `Welcome01!`.

![](https://1033393870-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPqGbN7FCY7Xh4OkOtvin%2Fuploads%2FRlzzPaWmlgqWTgta5fb0%2Fimage.png?alt=media\&token=28bd94c1-d405-4441-b2e5-c18abc5e617f)

8\. Click on "Next" and in the step "Role Services" select "Certificate Authority" and "Certificate Authority Web Enrollment" and click "Next".

![](https://1033393870-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPqGbN7FCY7Xh4OkOtvin%2Fuploads%2FFQsC7EUUoSvgq8L8R63d%2Fimage.png?alt=media\&token=60001430-ed60-4f3e-95d6-a0ebe2b1379e)

8\. In the step "Setup Type" select the default "Enterprise CA" and click "Next".

9\. In the step "CA Type" select the default "Root CA" and click "Next".

10\. In the step "Private Key" select "Create a new private key" and click "Next". In the step "Cryptography" make sure sha256 is selected and key length 2048 and click "Next".

![](https://1033393870-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPqGbN7FCY7Xh4OkOtvin%2Fuploads%2FImbEsyKUWIrgOhfUhUM3%2Fimage.png?alt=media\&token=54bf671d-6c01-4be3-a66d-812109a177ac)

11\. In the step "CA Name" fill in the name `amsterdambank-ca` and click "Next".

![](https://1033393870-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPqGbN7FCY7Xh4OkOtvin%2Fuploads%2FGEGD0yLlTLmodYTmXPXO%2Fimage.png?alt=media\&token=068d950b-fde8-43d3-be54-d6a296436b00)

12\. In the step "Validity Period" click "Next". Then click "Next" and click "Configure".