Certificate requests can be created and submitted through a variety of means such as HTML-based or file-based requests, depending on what kind of certificate is needed and who is requesting the certificate. The following is a simple example that illustrates the process of generating and submitting a certificate request.
To demonstrate the process of generating and submitting a certificate request, Microsoft® Internet Information Server (IIS) Key Manager and the CertReq program will be used to request a server certificate. Key Manager can be used to generate a certificate request file by creating a new key pair.
IIS must first install a Certificate Authority (CA) certificate according to the process described in Server Installation of CA Certificates. Then a server certificate can be obtained.
Note In this release, the Web Server Enrollment Page can also be used to submit the certificate request.
Run CertReq to submit the certificate request to Microsoft Certificate Server and obtain a certificate by entering the following:
certreq NewKey.req NewCert.crt
For more details of how to use CertReq see Requesting Certificates with CertReq.
If Certificate Server accepts the request submitted by CertReq, the certificate file, NewCert.crt, will be created. The certificate file can then be installed into IIS using Key Manager. Once installed, the server certificate will allow any client to perform server authentication when accessing the server (after the client installs a Certificate Authority (CA) root certificate and completes an enrollment process that installs a client certificate in their application). For more information, see Web Browser Certification.