How do I obtain a Digital Certificate from my Certificate Authority (CA)?

How do I obtain a Digital Certificate from my Certificate Authority (CA)?

This article will describe the 2 most popular methods for obtaining a Digital Certificate from your online Certificate Authority (or CA). I will not elaborate on the reasons for doing so, and if you feel uncomfortable about these issues I suggest you take a look at the related articles at the bottom of this page.

​​Get Real-Time Insight Into Your Exchange Server’s Health​​​​​​

SolarWinds FREE Exchange Monitor continuously monitors Microsoft® Exchange.

Exchange Monitor Delivers real-time insight into Exchange services, mail queue sizes, and host server health. Ensure this mission-critical app never fails.

​​Get the Free Download Here!​​

As stated above, there are 2 easy methods for obtaining a Digital Certificate from your online CA.

Digital Certificates can be granted to users based upon their roles and group membership. For example, a regular user that wants to enroll for a certificate will only be allowed to enroll for a specific set of Digital Certificates, while another user that is a member of the Domain Admins group will be allowed to enroll for a different set of certificates that can be used for a variety of functions, including Recovery Agents, IPSec, SSL and so on.

User Digital Certificates are valid for different purposes, including:

• • 
    
• Allowing data on disk to be encrypted
• Protecting e-mail messages
• Proving the user's identity to a remote computer
  • 
    

Method #1 - By using a custom MMC

In this method a user will need to open a custom MMC and enroll by use of the MMC GUI.

In order to obtain a Digital Certificate by use of a custom MMC please perform the following steps:

1. 1. 
      
2. Go to the Start menu > Run > type MMC and press Enter.
3. In the MMC window, go to the File menu and select Add/Remove Snap-In.
4. In the Add/Remove Snap-In window press the Add button.
5. Select Certificates from the available list of snap-ins and click Add.
6. In the user attempting this action is a member of the Domain Admins or Administrative groups he or she will be presented with a Certificates Snap-In window, asking whether the certificate will be issued to the user account, the computer or a service running on the computer. We will choose My User Account. Click Finish.
7. Expand Certificates - Current User > Personal.
   1. 
      

Note: There may be a Certificate folder under the Personal folder. Ignore it for now.

7. Right-click the Personal folder and select All Tasks > Request New Certificate.

​​​​

7. In the Certificate Request wizard click Next.

​​​​

9. In the Certificates Type select User.

Note: Depending on the groups your user account belongs to, you might also see other certificate types. Ignore them for now.

​​​​

10. In the Friendly name type a name for the certificate, for example "Daniel's User Certificate" or similar.

Lamer note: Use your own name... duh...

​​​​

Click Next.

11. In the final page of the wizard click Finish. If all went well (and there is no reason why it won't) you'll get a confirmation message. Acknowledge it.

​​​​​ ​​​​

You now have a new Digital Certificate. You can view it by going to the Certificates - Current User > Personal > Certificates folder within the current MMC window. Double-click on the new certificate and inspect the information found in it.

​​​​

​​Have You Tried Windows 7 Yet? Download Here.​​

Method #2 - By using a web browser

In this method a user will need to open his or her web browser and surf to a given URL - that in fact is the URL for the online CA.

In order to obtain a Digital Certificate by use of a a web browser please perform the following steps:

1. 1. 
      
2. Open an Internet browser such as Internet Explorer, Opera or Firefox.
3. In the address bar type the following URL:
   1. 
      

http://server_name/certsrv

where server_name is the FQDN or the IP of the server that is hosting the CA.

1. In the Welcome screen click "Request a certificate".

​​​​

1. In the "Request a certificate" screen click "User Certificate".

​​​​

1. In the "User Certificate - Identifying Information" window, if a warning message appears telling you that there is a Potential Scripting Violation click Yes.

​​​​​ ​​​​

Click Submit.

​​​​

1. In the "Certificate Issued" window click on "Install this certificate".

​​​​​ ​​​​

1. When the "Certificate Installed" window screen close the browser window.

You now have a new Digital Certificate. You can view it by going to the Tools > Internet Options > Content tab within the current Internet Explorer window. Click on the Certificates button. Look for the new certificate in the Personal tab, double-click on it and inspect the information found within.

​​​​​ ​​​​

You can also choose to export your new certificate by selecting the certificate and pressing the Export button.

​​​​​ ​​​​​ ​​​​​ ​​​​​ ​​​​

Related articles

What Doesn't Kill Me Makes Me Stronger