Share via


Request a Certificate

Applies To: Windows Server 2008

Requesting certificates through the Certificates snap-in is a simple process that involves a few straightforward steps involving the Certificate Enrollment Wizard. You can request any type of certificate that has been preconfigured and made available by an administrator of the certification authority (CA) that will process the certificate request.

Users or local Administrators are the minimum group memberships required to complete this procedure. Review the details in "Additional considerations" in this topic.

To request a certificate

  1. Open the Certificates snap-in for a user or computer.

  2. In the console tree, click Certificates - Current User or Certificates (Local Computer). Select the Personal certificate store.

  3. On the Action menu, point to All Tasks, and then click Request New Certificate to start the Certificate Enrollment Wizard. Click Next.

  4. Select the types of certificates that you want to request.

  5. You can click Details to review additional information about each certificate.

    If a caution symbol appears below the certificate, you might need to provide additional information before requesting that type of certificate. Click the More information is required to enroll for this certificate. Click here to configure message and provide the requested information, such as the location of a valid signing certificate.

  6. To finish, click Enroll.

Additional considerations

  • User certificates can be managed by the user or by an administrator. Certificates issued to a computer or service can only be managed by an administrator or user who has been given the appropriate permissions.

  • To open the Certificates snap-in, see Add the Certificates Snap-in to an MMC

  • You can use this procedure to request certificates from an enterprise certification authority only. To request certificates from a stand-alone CA, you need to request certificates by means of Web pages. A Windows CA has its Web pages located at https://servername/certsrv, where servername is the name of the server hosting the CA.

  • You can use this procedure to request certificates based on templates where the subject name is generated by Windows only. To request a certificate based on a template configured to obtain the subject name from the subject, you need to request certificates by means of Web pages.

  • If the requested certificate type requires approval before it is issued, you need to retrieve the completed certificate via Web pages. A Windows CA has its Web pages located at https://servername/certsrv, where servername is the name of the server hosting the CA.

  • In order to request a Digital Signature Standard (DSS) certificate from an enterprise CA, you must select the User Signature Only certificate template in the Certificate Request Wizard.

Additional references