Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This article explains how to request certificates using the Certification Authority (CA) Web Enrollment Role Service in Windows Server. The CA Web Enrollment role service provides web pages to interact with the Certification Authority role service. Learn more about the Certification Authority Web Enrollment role service in What is the Certification Authority role service?.
Prerequisites
Before you can submit a request, you must meet the following requirements:
- Have a server that is a domain member with the Certificate Enrollment Web Service installed.
- Client computers must be running Windows or Windows Server.
Request a basic certificate
Using a web browser, connect to
https://<servername>/certsrv
, where<servername>
is the host name of the computer running the CA Web Enrollment role service.Select Request a certificate.
On the Request a Certificate page, select User Certificate.
On the User Certificate Identifying Information page, follow one of these steps:
If the message "No further identifying information is required. To complete your certificate, select Submit." appears, select Submit.
Enter your identifying information for the certificate request.
(Optional) Select More Options to specify the cryptographic service provider (CSP) and enable strong private key protection if needed. You receive a prompt every time you use the private key that is associated with the certificate.
Select Submit.
If you see the Certificate Issued web page, select Download certificate chain. Save the file to your hard disk drive, then import the certificate into your certificate store.
If you see the Certificate Pending web page, check the status of your request in the Check a pending certificate request section.
Request a certificate with advanced options
Open a web browser and go to
https://<servername>/certsrv
, where<servername>
is the hostname of the computer running the CA Web Enrollment role service.Select Request a certificate.
Select Advanced certificate request.
Select Create and submit a certificate request to this CA.
Fill in the requested identifying information and other options that you require.
Select Submit.
If you see the Certificate Issued web page, select Download certificate chain. Save the file to your hard disk drive, then import the certificate into your certificate store.
If you see the Certificate Pending web page, you can check the status of your request in the following section.
Check a pending certificate request
Using a web browser, open
https://<servername>/certsrv
, where<servername>
is the hostname of the computer running the CA Web Enrollment role service.Select View the status of a pending certificate request.
If there are no pending certificate requests, a message confirms there are no pending requests. Otherwise, select the certificate request that you want to check, and select Next.
Check the following pending certificate requests:
Still pending. Wait for the certification authority administrator to issue the certificate. To remove the certificate request, select Remove.
Issued. To install the certificate, select Install this certificate.
Denied. Contact the administrator of the certification authority for further information.