This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 28.999999999999996%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVW%3C/text%3E%3C/svg%3E)
After installing Certification services and creating a Standalone CA on a Windows Server 2016 or Windows Server 2019 server member of Workgroup what else should I do in order to allow other servers request certificates?
Should I install Certification Authority Web Enrollment, Certification Enrollment Web Services or both?
Which certificate should I use to enable HTTPS access to the certsrv site?
I found many pages describing the steps in an AD domain environment, very few for a Standalone CA in Workgroup environment.
Source Link :https://social.technet.microsoft.com/Forums/en-US/79db9f85-1740-4bea-af91-0964ea94de1b/web-enrollment-for-a-standalone-ca?forum=winserversecurity
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 96%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFF%3C/text%3E%3C/svg%3E)
Based on my research the CA Web Enrollment role service will be helpful.
Certification Enrollment Web Services used with ADDS together.The computer on which the Certificate Enrollment Web Service is to be installed must be a member of the domain and must be running Windows Server 2008 R2 or Windows Server 2012.
For a stand alone CA,the CA Web Enrollment role service will be helpful.This service allow you to connect to the CA by using a web browser and performing common tasks, such as:
Requesting certificates from the CA.
Requesting the CA's certificate.
Submitting a certificate request by using a PKCS #10 file.
Retrieving the CA's certificate revocation list (CRL).
CA Web Enrollment is useful when you interact with a stand-alone CA because the Certificates Microsoft Management Console (MMC) snap-in cannot be used to interact with a stand-alone CA. Enterprise CAs can accept certificate requests through the Certificates snap-in or the CA Web Enrollment role service pages.
The Certification Authority (CA) Web Enrollment role service provides a set of web pages that allow interaction with the Certification Authority role service. These web pages are located at https://<servername>/certsrv, where <servername> is the name of the server that hosts the hosts the CA Web Enrollment pages.
For more information you can refer to the following links:
Certificate Enrollment Web Service Guidance
Certificate Enrollment Web Services
Certification Authority Web Enrollment Guidance
How Certification Authority Web Enrollment Differs from Certificate Enrollment Web Services
Also,to the certificates ,the clients should also trust the CA manually.You can refer to the steps in the following link:
Installing the trusted root certificate