It is not always possible to submit a certificate request online to a certification authority (CA). In these instances, you might still be able to submit a certificate request in the form of a PKCS #7 or PKCS #10 file. In general, you use a PKCS #10 file to submit a request for a new certificate and a PKCS #7 file to submit a request to renew an existing certificate.
Users or local Administrators is the minimum group membership required to complete this procedure. Review the details in "Additional considerations" in this topic.
|To request a certificate by using a PKCS #10 or PKCS #7 file|
Open a Web browser.
Open https://servername/certsrv, where servername is the name of the Web server hosting the CA Web enrollment pages.
Click Request a certificate, and then click Advanced certificate request.
Click Submit a certificate request using a base-64-encoded CMC or PKCS #10 file or Submit a renewal request by using a base-64-encoded PKCS #7 file.
In Notepad, click File, click Open, select the PKCS #10 or PKCS #7 file, click Edit, click Select all, click Edit, and then click Copy. On the Web page, click in the Saved request box. Click Edit, and then click Paste to paste the contents of the certificate request into the box.
If you are connected to an enterprise CA, choose the certificate template that you want to use.
If you have any attributes to add to the certificate request, enter them into Additional Attributes.
Do one of the following:
- If the Certificate Pending Web page
appears, see Check on a Pending
- If the Certificate Issued Web page
appears, click Download certificate chain. Save the file to
your hard disk, and then import the certificate into your
certificate store. For the procedure to import a certificate, see
- If the Certificate Pending Web page appears, see Check on a Pending Certificate Request.
- User certificates can be managed by the user
or by an administrator. Certificates issued to a computer or
service can only be managed by an administrator or user who has
been given the appropriate permissions.
- The Web server for the CA must be configured
to use HTTPS authentication.
- If you submit the request and immediately get
a message asking you if you want to submit the request even though
it does not contain a BEGIN or END tag, click OK.