The following procedures provide the steps to obtain a certificate from a stand-alone certification authority (CA) by using Certificate Services, which is a component of Windows 2000 Server and Windows Server 2003. The procedures need to be performed in the following order:

To request a certificate from a stand-alone CA

  1. Log on to the computer where you want to install a certificate (for example, gateway server or management server).

  2. Start Internet Explorer, and connect to the computer hosting Certificate Services (for example, http://<servername>/certsrv).

  3. On the Microsoft Certificate Services Welcome page, click Request a certificate.

  4. On the Request a Certificate page, click Or, submit an advanced certificate request.

  5. On the Advanced Certificate Request page, click Create and submit a request to this CA.

  6. On the Advanced Certificate Request page, do the following:

    1. Under Identifying Information, in the Name field, enter a unique name, for example the fully qualified domain name (FQDN) of the computer you are requesting the certificate for. For the remaining fields, enter the appropriate information.

      Note: Event ID 20052 of type Error is generated if the FQDN entered into the Name field does not match the computer name.

    2. Under Type of Certificate Needed, click the list and select Other. In the OID field, enter 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2.

    3. Under Key Options, click Create a new key set; in the CSP field, select Microsoft Enhanced Cryptographic Provider v1.0; under Key Usage, select Both; under Key Size, select 1024; select Automatic key container name; select Mark keys as exportable; clear Export keys to file; clear Enable strong private key protection; and then click Store certificate in the local computer certificate store.

    4. Under Additional Options, under Request Format, select CMC; in the Hash Algorithm list, select SHA-1; clear Save request to a file; and then in the Friendly Name field, enter the fully qualified domain name (FQDN) of the computer that you are requesting the certificate for.

    5. Click Submit.

    6. If a Potential Security Violation dialog box is displayed, click Yes.

    7. After the Certificate Pending page displays, close the browser.

To approve the pending certificate request

  1. Log on to the computer hosting Certificate Services as a Certification Authority Administrator.

  2. On the Windows desktop, click Start, point to Programs, point to Administrative Tools, and then click Certification Authority.

  3. In Certification Authority, expand the node for your certification authority name, and then click Pending Requests.

  4. In the results pane, right-click the pending request from the previous procedure, point to All Tasks, and then click Issue.

  5. Click Issued Certificates, and confirm the certificate you just issued is listed.

  6. Close Certification Authority.

To retrieve the certificate

  1. Log on to the computer where you want to install a certificate; for example, gateway server or management server.

  2. Start Internet Explorer, and then connect to the computer hosting Certificate Services (for example, http://<servername>/certsrv).

  3. On the Microsoft Certificate Services Welcome page, click View the status of a pending certificate request.

  4. On the View the Status of a Pending Certificate Request page, click the certificate you requested.

  5. On the Certificate Issued page, click Install this certificate.

  6. In the Potential Scripting Violation dialog box, click Yes.

  7. On the Certificate Installed page, after you see the message that Your new certificate has been successfully installed, close the browser.
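One way to confirm the outcome of the three procedures above, shown as an added example that is not part of the original documentation: it checks the local computer store for a certificate whose name matches the computer's FQDN, carries both OIDs entered in step 6, and has a private key. It assumes Windows PowerShell is available on the computer and that the FQDN is the host name plus the primary DNS suffix; `Test-InstalledCertificate` is a hypothetical helper name.

```powershell
# Added example: checks the certificate that the procedure above installs.
# Assumption: the FQDN is the host name plus the primary DNS suffix.
$ip   = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
$fqdn = if ($ip.DomainName) { "$($ip.HostName).$($ip.DomainName)" } else { $ip.HostName }

# OIDs entered in the OID field: Server Authentication, Client Authentication.
$requiredEku = '1.3.6.1.5.5.7.3.1', '1.3.6.1.5.5.7.3.2'

function Test-InstalledCertificate {   # hypothetical helper, not a built-in cmdlet
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [string]$ExpectedName,
        [string[]]$RequiredEku
    )
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $subject  = $Certificate.GetNameInfo($nameType, $false)

    # Collect the OIDs from the Enhanced Key Usage extension, if present.
    $ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    $present = @($Certificate.Extensions |
        Where-Object { $_ -is $ekuType } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })
    $missing = @($RequiredEku | Where-Object { $present -notcontains $_ })

    $now = Get-Date
    New-Object PSObject -Property @{
        Thumbprint    = $Certificate.Thumbprint
        Subject       = $subject
        NameMatches   = ($subject -eq $ExpectedName)   # a mismatch produces Event ID 20052
        MissingEku    = ($missing -join ',')           # empty when both OIDs are present
        HasPrivateKey = $Certificate.HasPrivateKey
        KeySize       = $Certificate.PublicKey.Key.KeySize
        InValidity    = ($now -ge $Certificate.NotBefore -and $now -le $Certificate.NotAfter)
    }
}

# Local computer certificate store, Personal folder (store name "My").
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.GetNameInfo('SimpleName', $false) -eq $fqdn -or $_.FriendlyName -eq $fqdn } |
    ForEach-Object { Test-InstalledCertificate $_ $fqdn $requiredEku } |
    Format-List Subject, NameMatches, MissingEku, HasPrivateKey, KeySize, InValidity, Thumbprint
```

No output means no certificate with a matching subject or friendly name was found in the local computer store, which usually indicates the certificate was installed into the current user store instead.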
