Using Windows Server 2003 Certificate Services Web pages
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Using Windows Server 2003 Certificate Services Web pages
By default, every Windows Server 2003 certification authority has Web pages available for users and administrators. These can be used to perform a variety of tasks related to requesting certificates. These Web pages are located at https://servername/certsrv, where servername is the name of the server that hosts the certification authority. The certsrv portion of the URL should always be in lowercase letters; otherwise, users may have trouble checking and retrieving pending certificates. Users can access these Web pages using Microsoft Internet Explorer version 5.0 and greater, or Netscape Navigator version 3.01 and greater.
The Web pages are the only way for users to request certificates from stand-alone certification authorities. They are optional for users who want to request certificates from enterprise certification authorities. For more information about certification authorities, see Certificates and certification authorities.
If you have been granted access permissions, you can perform the following tasks from these Web pages:
Request a basic certificate. For more information, see Submit a user certificate request via the Web to a Windows Server 2003 CA.
Request a certificate with advanced options. For more information, see Submit an advanced certificate request via the Web to a Windows Server 2003 CA.
This gives you greater control over the certificate request. Some of the user-selectable options available in an advanced certificate request include:
Cryptographic service provider (CSP) options. The name of the cryptographic service provider, the key size (512, 1024, and so on), the hash algorithm (SHA/RSA, SHA/DSA, MD2, MD5) and the key spec (exchange or signature).
Key generation options. Create a new key set or use an existing key set, mark the keys as exportable, enable strong key protection, and use the local computer store to generate the key.
Additional options. Save the request to a PKCS #10 file or add any specific attributes you want to add to the certificate.
Netscape clients cannot use the advanced option Web pages.
Check on a pending certificate request to a Windows Server 2003 CA. If you have submitted a certificate request to a stand-alone certification authority, you will need to check the status of the pending request to see if the certification authority has issued the certificate. If the certificate has been issued, it will be available for you to install it. For more information, see Check on a pending certificate request to a Windows Server 2003 CA.
Retrieve the certification authority's certificate to place in your trusted root store or install the entire certificate chain in your certificate store. For more information, see Retrieve a certification authority certificate from a Windows Server 2003 CA.
Retrieve the current base certificate revocation list (CRL) and delta CRL. For more information, see Retrieve a certificate revocation list from a Windows Server 2003 CA.
Submit a certificate request using a PKCS #10 file or a PKCS #7 file. For more information, see Request a certificate from a Windows Server 2003 CA using a PKCS #10 or PKCS #7 file.
(For administrators only) Request a certificate for a smart card on behalf of another user. For more information, see Set up a smart card for user logon.