Request a certificate using a PKCS #10 or PKCS #7 file

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To request a certificate using a PKCS #10 or PKCS #7 file

  1. Open Internet Explorer.

  2. In Address, type https://servername/certsrv, where servername is the name of the Windows 2000 Web server where the certification authority (CA) you want to access is located.

  3. Click Request a certificate, and then click advanced certificate request.

  4. Click Submit a certificate request using a base64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.

  5. Do one of the following:

    • Open Notepad. On the File menu, click Open. Select the PKCS #10 or PKCS #7 file and click Open. On the Edit menu, click Select all, and then, on the Edit menu, click Copy. On the Web page, click in the Saved request scroll box. On the Edit menu, click Paste to paste the contents of certificate request into the scroll box.

    • If your Web browser security settings do not prohibit a Web page from accessing your disk, you can click Browse for a file to insert to locate the file you want to use for the certificate request. If you get a warning about the ActiveX control, click Yes to allow it to run, then click Browse. After locating and selecting the file you want to use for the certificate request, click Read!. On the Web page, click Read! to paste the contents of the file into the scroll box. See the note about using Browse.

  6. If you are connected to an enterprise CA, choose the certificate template you want to use.

  7. Click Submit.

  8. Do one of the following:

    • If you see the Certificate Pending Web page, see Related Topics below for the procedure to check on a pending certificate.

    • If you see the Certificate Issued Web page, click Download certificate. Choose to save the file to your hard disk, and then import the certificate into your certificate store. For the procedure to import a certificate, see Related Topics.

Notes

  • To open Internet Explorer, click Start, point to All programs, and then click Internet Explorer.

  • To open Notepad, click Start, point to All programs, point to Accessories, and then click Notepad.

  • In general, you use a PKCS #10 file to submit a request for a new certificate and a PKCS #7 file to submit a request to renew an existing certificate. Submitting requests with files is useful when the certificate requester is unable to submit a request online to the certification authority.

  • If you use a PKCS #7 file to submit a request to renew an existing certificate, the renewal request file must be generated by a program. This procedure will not work with a PKCS #7 file that merely contains an exported certificate.

  • You might need to make https://servername a trusted site for Internet Explorer in order to browse for a file on the computer's disk drive. To make https://servername a trusted site, in Internet Explorer, click Tools, then point to Internet Options, point to Security, point to Trusted Sites, and click Sites. Type https://servername, and click OK.

  • If you submit the request and immediately get a message asking you if you want to submit the request even though it does not contain a "BEGIN" or "END" tag, click OK.

  • For the procedure to export a certificate to create a PKCS #7 file, see Related Topics.

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

See Also

Concepts

Using Windows 2000 Certificate Services Web pages
Save a certificate request to a PKCS #10 file
Export a certificate
Import a certificate
Importing and exporting certificates
Use Windows Server 2003 Certificate Services Web Pages