Setting Up Certificate Enrollment Web Services

Applies To: Windows Server 2008 R2

Use Server Manager to install and configure the certificate enrollment Web services, which include the Certificate Enrollment Web Service and the Certificate Enrollment Policy Web Service. See "Additional references" for installation and configuration procedures.

Tip

Updated information for this topic appears on the TechNet Wiki in the article Certificate Enrollment Web Services in Active Directory Certificate Services.

Installation requirements

Before installing the certificate enrollment Web services, ensure that your environment meets these requirements:

  • A host computer that is a domain member and runs Windows Server 2008 R2.

  • An Active Directory forest with a Windows Server 2008 R2 schema. See Prepare a Windows 2000 or Windows Server 2003 Forest Schema for a Domain Controller That Runs Windows Server 2008 or Windows Server 2008 R2 (https://go.microsoft.com/fwlink/?LinkID=93242).

  • An enterprise certification authority (CA) running Windows Server 2008 R2, Windows Server 2008, or Windows Server 2003.

  • Client computers running Windows 7 or Windows Server 2008 R2.

  • A Server Authentication certificate installed for HTTPS.

During installation of certificate enrollment Web services, the following server roles and features will be installed if they are not already installed:

  • Web Server (IIS)

  • Microsoft .NET Framework version 3.5
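
The following PowerShell preflight check is an added example, not part of the original topic or Microsoft's tooling. It verifies the requirements that can be tested locally on the intended host: domain membership, the Windows Server 2008 R2 operating system, and a usable Server Authentication certificate for HTTPS. It assumes the certificate is in the local computer's Personal store, and the function name Test-ServerAuthCertificate is hypothetical. The forest schema, CA, and client requirements must be checked separately.

```powershell
# Added example: local preflight check for the host requirements listed above.
# Written to run on Windows PowerShell 2.0, as shipped with Windows Server 2008 R2.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication enhanced key usage

function Test-ServerAuthCertificate {
    # Hypothetical helper: true only for a currently valid certificate that has a
    # private key and explicitly lists the Server Authentication EKU.
    # Certificates with no EKU extension (valid for all purposes) are not counted.
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    $now = Get-Date
    if (-not $Certificate.HasPrivateKey) { return $false }
    if ($Certificate.NotBefore -gt $now -or $Certificate.NotAfter -lt $now) { return $false }
    foreach ($ext in $Certificate.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            foreach ($oid in $ext.EnhancedKeyUsages) {
                if ($oid.Value -eq $serverAuthOid) { return $true }
            }
        }
    }
    return $false
}

$cs = Get-WmiObject -Class Win32_ComputerSystem
$os = Get-WmiObject -Class Win32_OperatingSystem
# Assumption: the HTTPS certificate lives in the local computer's Personal store.
$certs = @(Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { Test-ServerAuthCertificate $_ })

# Version 6.1 is shared with Windows 7; ProductType 1 means a client OS.
$isServer2008R2 = ($os.Version -like '6.1.*') -and ($os.ProductType -ne 1)

$checks = @(
    New-Object PSObject -Property @{
        Requirement = 'Domain member'
        Met = [bool]$cs.PartOfDomain
        Detail = $cs.Domain }
    New-Object PSObject -Property @{
        Requirement = 'Windows Server 2008 R2'
        Met = $isServer2008R2
        Detail = $os.Caption }
    New-Object PSObject -Property @{
        Requirement = 'Server Authentication certificate'
        Met = ($certs.Count -gt 0)
        Detail = (($certs | ForEach-Object { $_.Subject }) -join '; ') }
)
$checks | Select-Object Requirement, Met, Detail | Format-Table -AutoSize
```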

Installation options

The following installation options are available for the certificate enrollment Web services:

  • The Certificate Enrollment Web Service and the Certificate Enrollment Policy Web Service should be installed on different computers.

  • The CA can be installed on the same computer as the Certificate Enrollment Web Service or the Certificate Enrollment Policy Web Service.

  • The Certificate Enrollment Web Service or the Certificate Enrollment Policy Web Service can be installed on the same computer as these other Web-based AD CS role services:

    • CA Web Enrollment

    • Network Device Enrollment Service

    • Online Responder

  • The Certificate Enrollment Policy Web Service can be installed on multiple computers in an enterprise; however, only a single instance of this service can be installed on each computer.

  • Multiple instances of the Certificate Enrollment Web Service can be installed on a single computer in order to support multiple CAs.

  • The certificate enrollment Web services are not supported on the Server Core installation option of Windows Server 2008 R2.

Authentication options

The following authentication options are available for the certificate enrollment Web services:

  • Windows integrated authentication

  • User name and password

  • Client certificate

Additional references