Obtain a Digital Certificate from an Online Certificate Authority (CA)

Daniel Petri

Jan 8, 2009

How do I obtain a Digital Certificate from my Certificate Authority (CA)?
This article will describe the 2 most popular methods for obtaining a Digital Certificate from your online Certificate Authority (or CA). I will not elaborate on the reasons for doing so, and if you feel uncomfortable about these issues I suggest you take a look at the related articles at the bottom of this page.

As stated above, there are 2 easy methods for obtaining a Digital Certificate from your online CA.
Digital Certificates can be granted to users based upon their roles and group membership. For example, a regular user that wants to enroll for a certificate will only be allowed to enroll for a specific set of Digital Certificates, while another user that is a member of the Domain Admins group will be allowed to enroll for a different set of certificates that can be used for a variety of functions, including Recovery Agents, IPSec, SSL and so on.
User Digital Certificates are valid for different purposes, including:

Allowing data on disk to be encrypted
Protecting e-mail messages
Proving the user’s identity to a remote computer

Method #1 – By using a custom MMC

In this method a user will need to open a custom MMC and enroll by use of the MMC GUI.
In order to obtain a Digital Certificate by use of a custom MMC please perform the following steps:

Go to the Start menu > Run > type MMC and press Enter.
In the MMC window, go to the File menu and select Add/Remove Snap-In.
In the Add/Remove Snap-In window press the Add button.
Select Certificates from the available list of snap-ins and click Add.
In the user attempting this action is a member of the Domain Admins or Administrative groups he or she will be presented with a Certificates Snap-In window, asking whether the certificate will be issued to the user account, the computer or a service running on the computer. We will choose My User Account. Click Finish.
Expand Certificates – Current User > Personal.

Note: There may be a Certificate folder under the Personal folder. Ignore it for now.

Right-click the Personal folder and select All Tasks > Request New Certificate.

In the Certificate Request wizard click Next.

In the Certificates Type select User.

Note: Depending on the groups your user account belongs to, you might also see other certificate types. Ignore them for now.

In the Friendly name type a name for the certificate, for example “Daniel’s User Certificate” or similar.

Lamer note: Use your own name… duh…

Click Next.

In the final page of the wizard click Finish. If all went well (and there is no reason why it won’t) you’ll get a confirmation message. Acknowledge it.

You now have a new Digital Certificate. You can view it by going to the Certificates – Current User > Personal > Certificates folder within the current MMC window. Double-click on the new certificate and inspect the information found in it.

Method #2 – By using a web browser

In this method a user will need to open his or her web browser and surf to a given URL – that in fact is the URL for the online CA.
In order to obtain a Digital Certificate by use of a a web browser please perform the following steps:

Open an Internet browser such as Internet Explorer, Opera or Firefox.
In the address bar type the following URL:

http://server_name/certsrv
where server_name is the FQDN or the IP of the server that is hosting the CA.

In the Welcome screen click “Request a certificate”.

In the “Request a certificate” screen click “User Certificate”.

In the “User Certificate – Identifying Information” window, if a warning message appears telling you that there is a Potential Scripting Violation click Yes.

Click Submit.

In the “Certificate Issued” window click on “Install this certificate”.

When the “Certificate Installed” window screen close the browser window.

You now have a new Digital Certificate. You can view it by going to the Tools > Internet Options > Content tab within the current Internet Explorer window. Click on the Certificates button. Look for the new certificate in the Personal tab, double-click on it and inspect the information found within.

You can also choose to export your new certificate by selecting the certificate and pressing the Export button.