Followers

How to use web enrollment pages to submit a certificate request to an enterprise CA

To submit a certificate request that contains a SAN to an enterprise CA, follow these steps:
  1. Open Internet Explorer.
  2. In Internet Explorer, connect to http://servername/certsrv.

    Note The placeholder servername represents the name of the web server that is running Windows Server 2003 and that has the CA that you want to access.
  3. Click Request a Certificate.
  4. Click Advanced certificate request.
  5. Click Create and submit a request to this CA.
  6. In the Certificate Template list, click Web Server.

    Note The CA must be configured to issue web server certificates. You may have to add the Web Server template to the Certificate Templates folder in the Certification Authority snap-in if the CA is not already configured to issue web server certificates.
  7. Provide identifying information as required.
  8. In the Name box, type the fully qualified domain name of the domain controller.
  9. Under Key Options, set the following options:
    • Create a new key set
    • CSP: Microsoft RSA SChannel Cryptographic Provider
    • Key Usage: Exchange
    • Key Size: 1024 - 16384
    • Automatic key container name
    • Store certificate in the local computer certificate store
  10. Under Advanced Options, set the request format to CMC.
  11. In the Attributes box, type the desired SAN attributes. SAN attributes take the following form:
    san:dns=dns.name[&dns=dns.name]
    Multiple DNS names are separated by an ampersand (&). For example, if the name of the domain controller is corpdc1.fabrikam.com and the alias is ldap.fabrikam.com, both names must be included in the SAN attributes. The resulting attribute string is displayed as follows:
    san:dns=corpdc1.fabrikam.com&dns=ldap.fabrikam.com
  12. Click Submit.
  13. If you see the Certificate Issued  webpage, click Install this Certificate.

How to use web enrollment pages to submit a certificate request to a stand-alone CA

To submit a certificate request that includes a SAN to a stand-alone CA, follow these steps:
  1. Open Internet Explorer.
  2. In Internet Explorer, connect to http://servername/certsrv.

    Note The placeholder servername represents the name of the web server that is running Windows Server 2003 and that has the CA that you want to access.
  3. Click Request a Certificate.
  4. Click Advanced certificate request.
  5. Click Create and submit a request to this CA.
  6. Provide identifying information as required.
  7. In the Name box, type the fully qualified domain name of the domain controller.
  8. In the Type of Certificate Needed Server list, click Server Authentication Certificate.
  9. Under Key Options, set the following options:
    • Create a new key set
    • CSP: Microsoft RSA SChannel Cryptographic Provider
    • Key Usage: Exchange
    • Key Size: 1024 - 16384
    • Automatic key container name
    • Store certificate in the local computer certificate store
  10. Under Advanced Options, set the request format as CMC.
  11. In the Attributes box, type the desired SAN attributes. SAN attributes take the following form:
    san:dns=dns.name[&dns=dns.name]
    Multiple DNS names are separated by an ampersand (&). For example, if the name of the domain controller is corpdc1.fabrikam.com and the alias is ldap.fabrikam.com, both names must be included in the SAN attributes. The resulting attribute string is displayed as follows:
    san:dns=corpdc1.fabrikam.com&dns=ldap.fabrikam.com
  12. Click Submit.
  13. If the CA is not configured to issue certificates automatically, a Certificate Pending webpage is displayed and requests that you wait for an administrator to issue the certificate that was requested.

    To retrieve a certificate that an administrator has issued, connect to http://servername/certsrv, and then click Check on a Pending Certificate. Click the requested certificate, and then click Next.

    If the certificate was issued, the Certificate Issued webpage is displayed. Click Install this Certificate to install the certificate.
Source:
www.technet.microsoft.com

Published By
S.G.Godwin Dinesh.MCA
Sr.System Administrator

No comments:

Post a Comment