How to manually create client certificate on CA server?

James Chan_110 450 Reputation points
2023-12-27T06:04:57.9666667+00:00

Now I have a "Windows 10 device" and a "CA server".

I want to 1) manually create a client certificate on the CA server and 2) manually import this client certificate on the Windows 10 device.

Can you share the specific steps?

Thanks.


2 answers

  1. Dikky Ryan Pratama 1,470 Reputation points
    2023-12-27T06:14:23.55+00:00

    Hi James Chan_110,

    Certainly! Below are the general steps to manually create a client certificate on a Certificate Authority (CA) server and then import that certificate on a Windows 10 device:

    Step 1: Manually Create a Client Certificate on the CA Server

    1. Access the CA Server:
      • Log in to the CA server where you have the Certificate Authority role installed.
    2. Open Certification Authority MMC Snap-in:
      • Press Windows Key + R to open the Run dialog.
      • Type mmc and press Enter.
      • In the MMC console, go to File > Add/Remove Snap-in.
      • Select "Certificates" and click "Add >".
      • Choose "Computer account" and click "Next >".
      • Select "Local computer" and click "Finish".
      • Click "OK" to close the Add or Remove Snap-ins window.
    3. Request a New Certificate:
      • In the MMC console, expand "Certificates (Local Computer)" and navigate to Personal > Certificates.
      • Right-click on the right pane and choose All Tasks > Request New Certificate.
      • Follow the Certificate Enrollment wizard.
        • Select "User" or "Computer" certificate based on your requirements.
        • Complete the wizard by providing necessary information (common name, etc.).
        • Submit the request to the CA.
    4. Approve the Certificate Request:
      • On the CA server, open the Certification Authority MMC snap-in.
      • Navigate to Pending Requests.
      • Right-click on the pending request, and choose All Tasks > Issue.
    5. Retrieve the Issued Certificate:
      • Once the certificate is issued, navigate to Issued Certificates.
      • Locate and right-click on the issued certificate, then choose All Tasks > Export.
      • Save the certificate with a .pfx extension and provide a password.

    Step 2: Manually Import the Client Certificate on the Windows 10 Device

    1. Transfer the Certificate to the Windows 10 Device:
      • Copy the exported .pfx file to the Windows 10 device using a secure method.
    2. Install the Certificate:
      • Double-click the .pfx file on the Windows 10 device.
      • In the Certificate Import Wizard, select "Current User" or "Local Machine" based on your requirements and click "Next".
      • Enter the password you set during the export process.
      • Choose "Automatically select the certificate store based on the type of certificate" and click "Next".
      • Click "Finish" to complete the import.
    3. Verify the Certificate Installation:
      • Open the "Certificate Manager" on the Windows 10 device (Windows Key + R, type certmgr.msc, and press Enter).
      • Navigate to Personal > Certificates.
      • Verify that the imported certificate is listed.

    Now, the client certificate should be successfully installed on the Windows 10 device. This certificate can be used for secure communication or authentication depending on your specific use case.

    Regards.

    3 people found this answer helpful.
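
A PowerShell equivalent of the import and verification in Step 2 of the answer above, as an added example that is not part of the original answer. The `.pfx` path is a hypothetical placeholder, and the check for the Client Authentication EKU assumes the certificate is meant for client authentication.

```powershell
# Hypothetical path of the .pfx copied from the CA server (assumption)
$PfxPath = 'C:\Temp\client.pfx'
# "Current User" store; use Cert:\LocalMachine\My from an elevated prompt for "Local Machine"
$Store = 'Cert:\CurrentUser\My'
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU

# Prompt for the export password so it is not stored in the script or history
$Password = Read-Host -Prompt 'PFX password' -AsSecureString

# Without -Exportable the private key cannot be exported again from this device
$imported = @(Import-PfxCertificate -FilePath $PfxPath -CertStoreLocation $Store -Password $Password)

# A .pfx can also carry CA certificates; the client certificate is the one with a key
$leaf = $imported | Where-Object HasPrivateKey | Select-Object -First 1
if (-not $leaf) { throw "No certificate with a private key was imported from $PfxPath" }

# Re-read from the store so provider properties such as EnhancedKeyUsageList are present
$cert = Get-ChildItem -Path $Store | Where-Object Thumbprint -eq $leaf.Thumbprint

$now = Get-Date
[pscustomobject]@{
    Subject       = $cert.Subject
    Issuer        = $cert.Issuer
    Thumbprint    = $cert.Thumbprint
    HasPrivateKey = $cert.HasPrivateKey
    InValidity    = ($cert.NotBefore -le $now) -and ($now -le $cert.NotAfter)
    ClientAuthEku = $cert.EnhancedKeyUsageList.ObjectId -contains $ClientAuthOid
    # Builds the chain to a trusted root and checks the EKU
    ChainTrusted  = Test-Certificate -Cert $cert -EKU $ClientAuthOid -WarningAction SilentlyContinue
} | Format-List

# The .pfx still contains the private key; delete the transfer copy once imported
Remove-Item -Path $PfxPath
```

If `ChainTrusted` is False, the issuing CA's root certificate is usually missing from the device's Trusted Root Certification Authorities store.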

  2. Anonymous
    2023-12-27T08:08:06.55+00:00

    Hello James Chan_110,

    Thank you for posting in Q&A forum.

    You can also set the certificate template and enroll certificate on client machine.

    On CA server:
    1. Open Certification Authority console.
    2. And find Certificate Template container.
    3. Right click Certificate Templates container and select Manage.
    4. Duplicate one certificate you need and set some information.
    5. Give the client read and enroll permission on your certificate template.
    6. Issue certificate template you duplicated.

    On client:
    1. Open certlm.msc console.
    2. Right click Personal container under Certificates - Local Computer and All tasks\Request New Certificate.
    3. Select the certificate template during Certificate Enrollment wizard.

    I hope the information above is helpful.

    If you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou

