Submit an advanced certificate request via the Web

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To submit an advanced certificate request via the Web

  1. Open Internet Explorer.

  2. In Address, type https://ServerName/certsrv, where ServerName is the name of the Windows 2000 Web server where the certification authority that you want to access is located.

  3. Click Request a certificate.

  4. Click advanced certificate request.

  5. Click Creae and submit a request to this CA.

  6. Fill in any identifying information requested and any other options you require and click Submit.

  7. Do one of the following:

    • If you see the Certificate Pending Web page, see Related Topics below for the procedure to check on a pending certificate.

    • If you see the Certificate Issued Web page, click Install this certificate.

  8. If you are finished using the Certificate Services Web pages, close Internet Explorer.

Notes

  • To open Internet Explorer, click Start, point to All programs, and then click Internet Explorer.

  • A Windows XP computer cannot request a certificate on behalf of another subject when using the Windows 2000 certification authority Web pages.

  • Running Web enrollment on a Windows 2000 Web server that is acting as a Web enrollment agent for a Windows Server 2003 family CA may not provide the full functionality of the CA, because it was not designed to fully integrate with the Windows Server 2003 family CA. Limits may occur with smart card enrollment or enrollment for a certificate based on a Version 2 certificate template. To provide full functionality through the Web enrollment agent, run it on a Web server that is running a Windows Server 2003 operating system.

  • Using the Advanced Certificate Request Web page, you can set the following options for each certificate requested:

    • Certificate template (from enterprise certification authorities) or Intended purposes (from stand-alone certification authorities). Indicates what applications the public key in the certificate can be used for, such as client authentication or e-mail.

    • Cryptographic service provider (CSP).

    • Key size. The length, in bits, of the public key on the certificate. In general, the longer the key, the more secure it is.

    • Hash algorithm

    • Key usage. How the private key can be used. "Exchange" means that the private key can be used to enable the exchange of sensitive information. "Signature" means that the private key can be used only to create a digital signature. "Both" means that the key can be used for both exchange and signature functions.

    • Create a new key set or use an existing key set. You can use an existing public and private key pair stored on your computer or create a new public and private key pair for a certificate. For more information about the issues of reusing a key as opposed to generating a new key, see the resources on Certificates Resources.

    • Enable strong private key protection. When you enable strong private key protection, you are prompted for a password every time the private key needs to be used.

    • Mark keys as exportable. When you mark keys as exportable, you can save the public and private key to a PKCS #12 file. This is useful if you change computers and want to move the key pair, or if you want to remove the key pair and secure them in another location.

    • Use the local machine store. Select this option if the computer will need access to the private key associated with the certificate when other users are logged on. Select this option when requesting certificates intended to be issued to computers (such as Web servers) instead of certificates issued to people.

    • Save the request to PKCS #10 file. This is useful if the certification authority is unavailable for processing certificate requests online. For information on creating and submitting a certificate request using a PKCS #10 file, see Related Topics.

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

See Also

Concepts

Using Windows 2000 Certificate Services Web pages
Save a certificate request to a PKCS #10 file
Check on a pending certificate request
Submit a user certificate request via the Web
Request a certificate using a PKCS #10 or PKCS #7 file
Use Windows Server 2003 Certificate Services Web Pages