When you request certificates from a Windows-based stand-alone certification authority (CA), you use the CA Web enrollment pages. Web enrollment pages can also be used to request certificates from enterprise CAs if you want to set optional request features that are not available in the Certificate Request Wizard, such as marking the keys as exportable, setting key length, choosing the hash algorithm, or saving the request to a file.
Users or local Administrators is the minimum group membership required to complete this procedure. Review the details in "Additional considerations" in this topic.
|To submit a user certificate request over the Web|
Open a Web browser.
Open https://servername/certsrv, where servername is the name of the server hosting the CA Web enrollment pages.
Click Request a certificate.
On Request a Certificate, select the type of certificate you want:
- If the CA is an enterprise CA, click User
- If the CA is a stand-alone CA, select either Web Browser
Certificate or E-Mail Protection Certificate.
- If the CA is an enterprise CA, click User Certificate.
On the Identifying Information page, enter your identifying information for the certificate request, if needed.
(Optional) Click More Options to specify the cryptographic service provider (CSP) and whether you want to enable strong private key protection. (This means that you will receive a prompt every time that the private key is used.)
Do one of the following:
- If the Certificate Pending Web page
appears, see Check on a Pending
Certificate Request for the procedure to check on a pending
- If the Certificate Issued Web page
appears, click Install this certificate.
- If the Certificate Pending Web page appears, see Check on a Pending Certificate Request for the procedure to check on a pending certificate.
- In order for a user to obtain a certificate
by using Web enrollment, an administrator must set the appropriate
permissions on the certificate templates on which the requested
certificate is based.