Submit a Basic User Certificate Request over the Web

  • Article

Applies To: Windows Server 2008

Each CA that is installed on a computer running Windows Server 2003 has Web pages that users can access to submit basic and advanced certificate requests. By default, these pages are located at https://servername/certsrv, where servername is the name of the server hosting the Web pages.

Important

Windows Server 2003 CA Web pages must be updated before users can access these Web pages by using this version of Windows.

When you request certificates from a Windows-based stand-alone CA, you use the Certificate Services Web pages. Web pages can also be used to request certificates from enterprise CAs if you want to set optional request features that are not available in the Certificate Request Wizard, such as marking the keys as exportable, setting key length, choosing the hash algorithm, or saving the request to a file.

Users or local Administrators are the minimum group memberships required to complete this procedure. Review the details in "Additional considerations" in this topic.

To submit a user certificate request over the Web

  1. Open Internet Explorer.

  2. In Internet Explorer, connect to https://servername/certsrv, where servername is the name of the server hosting the Web pages.

  3. Click Request a certificate.

  4. On Request a Certificate, select the type of certificate you want:

    1. If the CA is an enterprise CA, click User Certificate.

    2. If the CA is a standalone CA, select either Web Browser Certificate or E-Mail Protection Certificate.

  5. On the Identifying Information page, enter your identifying information for the certificate request, if needed.

  6. (Optional) Click More Options to specify the cryptographic service provider (CSP) and whether you want to enable strong private key protection. (This means that you will receive a prompt every time that the private key associated with the certificate is used.)

  7. Click Submit.

  8. Do one of the following:

    • If you see the Certificate Pending Web page, see Related Topics below for the procedure to check on a pending certificate.

    • If you see the Certificate Issued Web page, click Install this certificate.

  9. If you are finished using the Web pages, close Internet Explorer.

Additional considerations

  • In order for a user to obtain a certificate using Web enrollment, an administrator must set the appropriate permissions on the certificate templates on which the requested certificate is based.

  • If this is the first time you are accessing the Web server for a CA, you must add the server to the list of Trusted sites in Internet Explorer. Trusted sites can be added by selecting Internet Options on the Tools menu, clicking the Security tab, selecting the Trusted sites zone, and clicking Sites. In addition, the Web server for the CA must be configured to use HTTPS authentication.

Additional references