Configuring CES

The Install-AdcsEnrollmentWebService cmdlet configures the Certificate Enrollment Web Service (CES). It is also used to create other instances of the service within an existing installation.
  1. Log in to the CES server using CESAdmin as user name, and then launch PowerShell in administrative mode.
  2. Run the command Import-Module ServerManager.
  3. Run the command Add-WindowsFeature Adcs-Enroll-Web-Svc.
  4. Run the command
    Install-AdcsEnrollmentWebService -ApplicationPoolIdentity -CAConfig "CA1.contoso.com\contoso-CA1-CA" -SSLCertThumbprint "sslCertThumbPrint" -AuthenticationType Kerberos
    • Replace <sslCertThumbPrint> with the thumbprint of the SSL certificate created for the CES server, after deleting the spaces between the thumbprint values.
    • Replace CA1.contoso.com with your CA computer name.
    • Replace contoso-CA1-CA with your CA common name.
  5. Complete the installation by selecting either Y or A.
  6. Launch the IIS Manager Console.
  7. In the Connections pane, expand the web server that is hosting CES.
  8. Expand Sites, expand Default Web Site, and then click the appropriate installation virtual application name: contoso-CA1-CA_CES_Kerberos.
  9. From the left pane, click Application Pools.
  10. Select WSEnrollmentServer, and then from the right pane, click Actions > Advanced Settings.
  11. Select the identity field under Process Model.
  12. In the Application Pool Identity dialog, select the custom account, and then type CESSvc as the domain user name.
  13. Close all dialogs, and then recycle IIS from the right pane of IIS Manager Console.
  14. From PowerShell, type iisreset to restart IIS.
  15. For CESSvc domain users, enable delegation. For more information, see Enabling delegation.
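
The thumbprint cleanup from step 4, as an added PowerShell example that is not part of the original documentation: it strips spaces and invisible characters from the copied thumbprint and confirms the certificate is usable for the SSL binding before the install command runs. It assumes the SSL certificate is in Cert:\LocalMachine\My; the function name Resolve-CesSslThumbprint and the sample thumbprint are hypothetical.

```powershell
# Added example, not from the original page: pre-flight check for -SSLCertThumbprint (step 4).
# Assumption: the SSL certificate is in the local machine Personal store (Cert:\LocalMachine\My).
function Resolve-CesSslThumbprint {
    param([Parameter(Mandatory)][string]$RawThumbprint)

    # Drop spaces and any invisible characters picked up when copying from the certificate dialog.
    $thumb = ($RawThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($thumb.Length -ne 40) {
        throw "Expected 40 hex characters (SHA-1 thumbprint), got $($thumb.Length)."
    }

    $cert = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $thumb }
    if (-not $cert) { throw "No certificate with thumbprint $thumb in Cert:\LocalMachine\My." }
    if (-not $cert.HasPrivateKey) { throw "Certificate $thumb has no private key on this server." }
    if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate $thumb expired on $($cert.NotAfter)." }

    # Require the Server Authentication EKU (1.3.6.1.5.5.7.3.1); no EKU extension means all purposes.
    $ekuExt = $cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    if ($ekuExt -and -not ($ekuExt.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.1' })) {
        throw "Certificate $thumb is not valid for Server Authentication."
    }
    return $thumb
}

# Constructed sample value: replace with the thumbprint copied from your own SSL certificate.
# With this sample the function throws, because no such certificate exists in the store.
$raw   = '00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33'
$thumb = Resolve-CesSslThumbprint -RawThumbprint $raw

# The command from step 4, using the page's example CA values and the validated thumbprint.
Install-AdcsEnrollmentWebService -ApplicationPoolIdentity -CAConfig 'CA1.contoso.com\contoso-CA1-CA' `
    -SSLCertThumbprint $thumb -AuthenticationType Kerberos
```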