Issuing Your Own Server Certificates

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1

Use Microsoft Certificate Services to create a customizable service for issuing and managing certificates. You can create server certificates for the Internet or for corporate intranets, giving your organization complete control over certificate management policies. For more information, see "Certificate services" in Help and Support Center for Windows Server 2003.

Online requests for server certificates can be made only to local and remote Enterprise Certificate Services and remote standalone Certificate Services. The IIS Web Server Certificate Wizard does not recognize a standalone installation of Certificate Services on the same computer when requesting a certificate. To get around this, use the offline certificate request to save the request to a file and then process as an offline request. For information about standalone certification authorities, see "Standalone certification authorities" in Help and Support Center for Windows Server 2003.

If you are not using an online certification authority, you will need to save the request file generated by the Web Server Certificate Wizard to disk and send it to the CA. When the response is received, you can start the wizard and it will begin where it left off. If you are replacing a certificate, IIS will continue to use the old certificate until the new request is completed. For information about using the Web Server Certificate Wizard to save a request file, see Obtaining a Server Certificate from a Third-party CA.