Request a certificate using Certification Authority Web Enrollment
This article shows you how to request a certificate using the Certification Authority (CA) Web Enrollment Role Service in Windows Server. The CA Web Enrollment role service provides a set of web pages that allow interaction with the Certification Authority role service. To learn more about Certification Authority Web Enrollment, see What is the Certification Authority Role Service?.
Prerequisites
Before you can submit a request, you must meet the following requirements:
- Have a server that is a domain member with the Certificate Enrollment Web Service installed.
- Client computers must be running Windows or Windows Server.
Request a basic certificate
Using a web browser, connect to
https://<servername>/certsrv, where<servername>is the host name of the computer running the CA Web Enrollment role service.Select Request a certificate.
On the Request a Certificate page, select User Certificate.
On the User Certificate Identifying Information page, do one of the following:
Comply with the message "No further identifying information is required. To complete your certificate, select Submit."
Enter your identifying information for the certificate request.
(Optional) Select More Options to specify the cryptographic service provider (CSP) and choose if you want to enable strong private key protection. You receive a prompt every time you use the private key that is associated with the certificate.
Select Submit.
If you see the Certificate Issued web page, select Download certificate chain. Choose to save the file to your hard disk drive, and then import the certificate into your certificate store.
If you see the Certificate Pending web page, you can check the status of your request in the Check a pending certificate request section.
Request a certificate with advanced options
Using a web browser, connect to
https://<servername>/certsrv, where<servername>is the host name of the computer running the CA Web Enrollment role service.Select Request a certificate.
Select Advanced certificate request.
Select Create and submit a certificate request to this CA.
Fill in the requested identifying information and other options that you require.
Select Submit.
If you see the Certificate Issued web page, select Download certificate chain. Choose to save the file to your hard disk drive, and then import the certificate into your certificate store.
If you see the Certificate Pending web page, you can check the status of your request in the following section.
Check a pending certificate request
Using a web browser, open
https://<servername>/certsrv, where<servername>is the hostname of the computer running the CA Web Enrollment role service.Select View the status of a pending certificate request.
If there are no pending certificate requests, a message appears to confirm there are no pending request. Otherwise, select the certificate request that you want to check, and select Next.
Check the following pending certificate requests:
Still pending. You must wait for the administrator of the certification authority to issue the certificate. To remove the certificate request, select Remove.
Issued. To install the certificate, select Install this certificate.
Denied. Contact the administrator of the certification authority for further information.
Next steps
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for