One of the most important and common duties of a certification authority (CA) administrator or certificate manager is to review pending certificate requests to decide whether the requested certificate should be issued or not.

In most cases, for security reasons, it is strongly recommended that all incoming certificate requests to a stand-alone CA be marked as pending. Unlike enterprise CAs, stand-alone CAs do not use Active Directory Domain Services (AD DS), even if it is available, to verify that an individual or computer is authorized to be issued a certificate from the CA automatically. For stand-alone CAs, the CA administrator is responsible for verifying the identity of the certificate requester.

You must be a CA administrator or certificate manager to complete this procedure. For more information, see Implement Role-Based Administration.

To review pending certificate requests
  1. Open the Certification Authority snap-in.

  2. In the console tree, click Pending Requests.

  3. In the details pane, examine each certificate request by noting the values for requester name, requester e-mail address, and any other fields that you consider critical information for issuing the certificate.

Additional considerations

  • Failed certificate requests can also be issued by using the same procedure in the Failed Requests container. However, not all of the security requirements for the certificate can be verified when issuing a failed request. Caution should be used.

Additional references