Using Windows 2000 Certificate Services Web pages

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Using Windows 2000 Certificate Services Web pages

By default, every certification authority that is hosted on a server running Windows 2000 has Web pages available for users and administrators. These are used to perform a variety of tasks related to requesting certificates. These Web pages are located at https://servername/certsrv, where servername is the name of the server running Windows 2000 that hosts the certification authority. The certsrv portion of the URL should always be in lowercase letters; otherwise, users may have trouble checking and retrieving pending certificates. Users can access these Web pages using Microsoft Internet Explorer version 5.0 and greater or Netscape Navigator version 3.01 and greater.

The Web pages are the only way for users to request certificates from stand-alone certification authorities. They are optional for users who want to request certificates from enterprise certification authorities. For more information about certification authorities, see Certificates and certification authorities.

If you have been granted access permissions, you can perform the following tasks from these Web pages:

  • Request a basic certificate. For more information, see Submit a user certificate request via the Web.

  • Request a certificate with advanced options. For more information, see Submit an advanced certificate request via the Web.

    This gives you greater control over the certificate request. Some of the user-selectable options that are available in an advanced certificate request include:

    • Cryptographic service provider (CSP) options. The name of the cryptographic service provider, the key size (512, 1024, and so on), the hash algorithm (SHA/RSA, SHA/DSA, MD2, MD5) and the key spec (exchange or signature).

    • Key generation options. Create a new key set or use an existing key set, mark the keys as exportable, enable strong key protection, and use the local computer store to generate the key.

    • Additional options. Save the request to a PKCS #10 file or add any specific attributes you want to add to the certificate.

    Netscape clients cannot use the advanced option Web pages.

  • Check on a pending certificate request. If you have submitted a certificate request to a stand-alone certification authority, you will need to check the status of the pending request to see if the certification authority has issued the certificate. If the certificate has been issued, it will be available for you to install it. For more information, see Check on a pending certificate request.

  • Retrieve the certification authority's certificate to place in your trusted root store. For more information, see Retrieve a certification authority certificate.

  • Retrieve the current certificate revocation list. For more information, see Retrieve a certificate revocation list.

  • Submit a certificate request using a PKCS #10 file or a PKCS #7 file. For more information, see Request a certificate using a PKCS #10 or PKCS #7 file.

  • (For administrators only) Request a certificate for a smart card on behalf of another user. For more information, see Set up a smart card for user logon.