diff --git a/doc/31-Changelog.md b/doc/31-Changelog.md
index becbf881..9323e503 100644
--- a/doc/31-Changelog.md
+++ b/doc/31-Changelog.md
@@ -19,6 +19,7 @@ Released closed milestones can be found on [GitHub](https://github.com/Icinga/ic
 * [#327](https://github.com/Icinga/icinga-powershell-framework/pull/327) Fixes possible exception on first import run for certain systems
 * [#328](https://github.com/Icinga/icinga-powershell-framework/pull/328) Fixes installer while using installation files or the installation command, which did not overwrite default values with custom values
 * [#330](https://github.com/Icinga/icinga-powershell-framework/pull/330) Fixes `Remove-ItemSecure` which was not using all args and might fail on empty path entries
+* [#331](https://github.com/Icinga/icinga-powershell-framework/pull/331) Fixes Icinga Director Self-Service installation over Icinga Management Console
 
 ### Enhancements
 
diff --git a/lib/core/installer/Start-IcingaForWindowsInstallation.psm1 b/lib/core/installer/Start-IcingaForWindowsInstallation.psm1
index ab3faf60..184da90b 100644
--- a/lib/core/installer/Start-IcingaForWindowsInstallation.psm1
+++ b/lib/core/installer/Start-IcingaForWindowsInstallation.psm1
@@ -41,6 +41,7 @@ function Start-IcingaForWindowsInstallation()
     $IcingaZone            = Get-IcingaForWindowsInstallerValuesFromStep -InstallerStep 'Show-IcingaForWindowsInstallerMenuEnterIcingaParentZone';
     $IcingaEndpoints       = Get-IcingaForWindowsInstallerValuesFromStep -InstallerStep 'Show-IcingaForWindowsInstallerMenuEnterIcingaParentNodes';
     $IcingaPort            = Get-IcingaForWindowsInstallerValuesFromStep -InstallerStep 'Show-IcingaForWindowsInstallationMenuEnterIcingaPort';
+    $IcingaCAServer        = Get-IcingaForWindowsInstallerValuesFromStep -InstallerStep 'Show-IcingaForWindowsInstallationMenuEnterIcingaCAServer';
 
     # Repository
     $IcingaStableRepo      = Get-IcingaForWindowsInstallerValuesFromStep -InstallerStep 'Show-IcingaForWindowsInstallationMenuStableRepository';
@@ -172,7 +173,7 @@ function Start-IcingaForWindowsInstallation()
         Write-IcingaAgentApiConfig -Port $IcingaPort;
     }
 
-    if ((Install-IcingaAgentCertificates -Hostname $Hostname -Endpoint $IcingaParentAddresses[0] -Port $IcingaPort -CACert $CertificateCAFile -Ticket $CertificateTicket) -eq $FALSE) {
+    if ((Install-IcingaAgentCertificates -Hostname $Hostname -Endpoint $IcingaCAServer -Port $IcingaPort -CACert $CertificateCAFile -Ticket $CertificateTicket) -eq $FALSE) {
         Disable-IcingaAgentFeature 'api';
         Write-IcingaConsoleWarning `
             -Message '{0}{1}{2}{3}{4}' `
diff --git a/lib/core/installer/menu/installation/AdvancedEntries.psm1 b/lib/core/installer/menu/installation/AdvancedEntries.psm1
index c6840483..7a658fc2 100644
--- a/lib/core/installer/menu/installation/AdvancedEntries.psm1
+++ b/lib/core/installer/menu/installation/AdvancedEntries.psm1
@@ -23,6 +23,7 @@ function Add-IcingaForWindowsInstallationAdvancedEntries()
     Show-IcingaForWindowsInstallationMenuEnterWindowsServiceDirectory -Automated -Advanced;
     Show-IcingaForWindowsInstallationMenuStableRepository -Automated -Advanced;
     Show-IcingaForWindowsInstallerMenuSelectInstallJEAProfile -Automated -Advanced;
+    Show-IcingaForWindowsInstallationMenuEnterIcingaCAServer -Automated -Advanced;
 
     Enable-IcingaFrameworkConsoleOutput;
 
diff --git a/lib/core/installer/menu/installation/director/DirectorTemplate.psm1 b/lib/core/installer/menu/installation/director/DirectorTemplate.psm1
index 8ddd0211..0740c073 100644
--- a/lib/core/installer/menu/installation/director/DirectorTemplate.psm1
+++ b/lib/core/installer/menu/installation/director/DirectorTemplate.psm1
@@ -6,6 +6,7 @@ function Resolve-IcingaForWindowsManagementConsoleInstallationDirectorTemplate()
 
     $DirectorUrl    = Get-IcingaForWindowsInstallerValuesFromStep -InstallerStep 'Show-IcingaForWindowsManagementConsoleInstallationEnterDirectorUrl';
     $SelfServiceKey = Get-IcingaForWindowsInstallerValuesFromStep -InstallerStep 'Show-IcingaForWindowsManagementConsoleInstallationEnterDirectorSelfServiceKey';
+    $UsedEnteredKey = $SelfServiceKey;
 
     # Once we run this menu, we require to reset everything to have a proper state
     if ($Register -eq $FALSE) {
@@ -46,6 +47,7 @@ function Resolve-IcingaForWindowsManagementConsoleInstallationDirectorTemplate()
 
         try {
             $SelfServiceKey = Register-IcingaDirectorSelfServiceHost -DirectorUrl $DirectorUrl -ApiKey $SelfServiceKey -Hostname $Hostname;
+            $UsedEnteredKey = $SelfServiceKey;
         } catch {
             Write-IcingaConsoleNotice 'Host seems already to be registered within Icinga Director. Trying local Api key if present'
             $SelfServiceKey = Get-IcingaPowerShellConfig -Path 'IcingaDirector.SelfService.ApiKey';
@@ -54,7 +56,7 @@ function Resolve-IcingaForWindowsManagementConsoleInstallationDirectorTemplate()
                 Write-IcingaConsoleNotice 'No local Api key was found and using your provided template key failed. Please ensure the host is not already registered and drop the set Self-Service key within the Icinga Director for this host.'
             }
         }
-        Add-IcingaForWindowsInstallerConfigEntry -Selection 'c' -Values $SelfServiceKey -OverwriteValues -OverwriteMenu 'Show-IcingaForWindowsManagementConsoleInstallationEnterDirectorSelfServiceKey';
+        Add-IcingaForWindowsInstallerConfigEntry -Selection 'c' -Values $UsedEnteredKey -OverwriteValues -OverwriteMenu 'Show-IcingaForWindowsManagementConsoleInstallationEnterDirectorSelfServiceKey';
     }
 
     try {
@@ -184,6 +186,8 @@ function Resolve-IcingaForWindowsManagementConsoleInstallationDirectorTemplate()
         Show-IcingaForWindowsInstallerMenuEnterIcingaParentZone -Value $ParentZone -Automated;
     }
 
+    Show-IcingaForWindowsInstallationMenuEnterIcingaCAServer -Automated -Value $MasterAddress;
+
     Show-IcingaForWindowsManagementConsoleInstallationDirectorRegisterHost -Automated;
 
     Enable-IcingaFrameworkConsoleOutput;
diff --git a/lib/core/installer/menu/installation/icinga/IcingaCAServer.psm1 b/lib/core/installer/menu/installation/icinga/IcingaCAServer.psm1
new file mode 100644
index 00000000..00f101da
--- /dev/null
+++ b/lib/core/installer/menu/installation/icinga/IcingaCAServer.psm1
@@ -0,0 +1,43 @@
+function Show-IcingaForWindowsInstallationMenuEnterIcingaCAServer()
+{
+    param (
+        [array]$Value          = @(),
+        [string]$DefaultInput  = 'c',
+        [switch]$JumpToSummary = $FALSE,
+        [switch]$Automated     = $FALSE,
+        [switch]$Advanced      = $FALSE
+    );
+
+    if ($null -eq $Value -or $Value.Count -eq 0) {
+        $IcingaEndpoints = Get-IcingaForWindowsInstallerValuesFromStep -InstallerStep 'Show-IcingaForWindowsInstallerMenuEnterIcingaParentNodes';
+
+        foreach ($endpoint in $IcingaEndpoints) {
+            $EndpointAddress = Get-IcingaForWindowsInstallerValuesFromStep -InstallerStep 'Show-IcingaForWindowsInstallerMenuEnterIcingaParentAddresses' -Parent $endpoint;
+
+            if ($null -ne $EndpointAddress -And [string]::IsNullOrEmpty($EndpointAddress) -eq $FALSE) {
+                $Value += $EndpointAddress;
+                break;
+            }
+        }
+    }
+
+    Show-IcingaForWindowsInstallerMenu `
+        -Header 'Please enter your Icinga CA server:' `
+        -Entries @(
+            @{
+                'Command' = 'Show-IcingaForWindowsInstallerConfigurationSummary';
+                'Help'    = 'This is the Icinga endpoint to connect to for signing your certificates. This can be a satellite, as requests will be forwarded to your CA server.';
+            }
+        ) `
+        -DefaultIndex $DefaultInput `
+        -AddConfig `
+        -ConfigLimit 1 `
+        -DefaultValues @( $Value ) `
+        -MandatoryValue `
+        -JumpToSummary:$JumpToSummary `
+        -ConfigElement `
+        -Automated:$Automated `
+        -Advanced:$Advanced;
+}
+
+Set-Alias -Name 'IfW-CAServer' -Value 'Show-IcingaForWindowsInstallationMenuEnterIcingaCAServer';