Submit an advanced certificate request via the Web to a Windows Server 2003 CA
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
To submit an advanced certificate request via the Web to a Windows Server 2003 CA
Open Internet Explorer.
In Internet Explorer, connect to https://servername/certsrv, where servername is the name of the Web server running Windows Server 2003 where the certification authority that you want to access is located.
Click Request a certificate.
Click advanced certificate request.
Click Create and submit a certificate request to this CA.
Fill in any identifying information requested and any other options you require.
Do one of the following:
If you see the Certificate Pending Web page, see Related Topics below for the procedure to check on a pending certificate.
If you see the Certificate Issued Web page, click Install this certificate.
If you are finished using the Certificate Services Web pages, close Internet Explorer.
To open Internet Explorer, click Start, point to All programs, and then click Internet Explorer.
Using the Advanced Certificate Request Web page, you can set the following options for each certificate requested:
The Certificate template (from an enterprise certification authorities) or Intended purposes (from a stand-alone certification authorities). Indicates what applications the public key in the certificate can be used for, such as client authentication or e-mail.
The Cryptographic service provider (CSP). A CSP is responsible for creating keys, destroying them, and using them to perform a variety of cryptographic operations. Each CSP provides a different implementation of the CryptoAPI. Some provide stronger cryptographic algorithms, while others use hardware components, such as smart cards
Key size. The length, in bits, of the public key on the certificate. In general, the longer the key, the more secure it is.
The Hash algorithm. A good hash algorithm makes it computationally infeasible to construct two independent inputs that have the same hash. Typical hash algorithms include MD2, MD4, MD5, and SHA-1.
Key usage. How the private key can be used. "Exchange" means that the private key can be used to enable the exchange of sensitive information. "Signature" means that the private key can be used only to create a digital signature. "Both" means that the key can be used for both exchange and signature functions.
Create a new key set or use an existing key set. You can use an existing public and private key pair stored on your computer or create a new public and private key pair for a certificate. For more information that compares reusing a key and generating a new key, see the resources on Certificates Resources.
Enable strong private key protection. When you enable strong private key protection, you will be prompted for a password every time the private key needs to be used.
Mark keys as exportable. When you mark keys as exportable, you can save the public and private key to a PKCS #12 file. This is useful if you change computers and want to move the key pair, or if you want to remove the key pair and secure them in another location.
Use the local machine store. Select this option if the computer will need access to the private key associated with the certificate when other users are logged on. Select this option when requesting certificates intended to be issued to computers (such as Web servers) instead of certificates issued to people.
Save the request to PKCS #10 file. This is useful if the certification authority is unavailable for processing certificate requests online. For information on creating and submitting a certificate request using a PKCS #10 file, see Related Topics.
Information about functional differences
- Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.
Using Windows Server 2003 Certificate Services Web pages
Save a certificate request to a Windows Server 2003 CA in a PKCS #10 file
Check on a pending certificate request to a Windows Server 2003 CA
Submit a user certificate request via the Web to a Windows Server 2003 CA
Request a certificate from a Windows Server 2003 CA using a PKCS #10 or PKCS #7 file
Use Windows 2000 Certificate Services Web Pages