Search the Petri IT Knowledgebase
search icon

close

Windows

Cloud

Microsoft 365

PowerShell

Active Directory

Security

Windows Server

Video

Microsoft Teams Day is back!

Register today!
Icon for Live Conference on December 8!

Live Conference on December 8!

GET-IT Microsoft Teams Conference

Icon for Live Webinar on Nov. 29th!

Live Webinar on Nov. 29th!

MVP Panel Talk: Do You Need to Backup Microsoft 36...

Icon for Live Webinar Coming Dec. 14th!

Live Webinar Coming Dec. 14th!

Recession Proof Your IT: How to Reduce IT Costs Wi...

Icon for New E-Book

New E-Book

Tracking Tasks in Microsoft 365

Home

Security

Obtain a Digital Certificate from an Online Certificate Authority (CA)

Daniel Petri

 |

Jan 8, 2009

How do I obtain a Digital Certificate from my Certificate Authority (CA)?
This article will describe the 2 most popular methods for obtaining a Digital Certificate from your online Certificate Authority (or CA). I will not elaborate on the reasons for doing so, and if you feel uncomfortable about these issues I suggest you take a look at the related articles at the bottom of this page.

As stated above, there are 2 easy methods for obtaining a Digital Certificate from your online CA.
Digital Certificates can be granted to users based upon their roles and group membership. For example, a regular user that wants to enroll for a certificate will only be allowed to enroll for a specific set of Digital Certificates, while another user that is a member of the Domain Admins group will be allowed to enroll for a different set of certificates that can be used for a variety of functions, including Recovery Agents, IPSec, SSL and so on.
User Digital Certificates are valid for different purposes, including:

  • Allowing data on disk to be encrypted
  • Protecting e-mail messages
  • Proving the user’s identity to a remote computer

Method #1 – By using a custom MMC

In this method a user will need to open a custom MMC and enroll by use of the MMC GUI.
In order to obtain a Digital Certificate by use of a custom MMC please perform the following steps:

  1. Go to the Start menu > Run > type MMC and press Enter.
  2. In the MMC window, go to the File menu and select Add/Remove Snap-In.
  3. In the Add/Remove Snap-In window press the Add button.
  4. Select Certificates from the available list of snap-ins and click Add.
  5. In the user attempting this action is a member of the Domain Admins or Administrative groups he or she will be presented with a Certificates Snap-In window, asking whether the certificate will be issued to the user account, the computer or a service running on the computer. We will choose My User Account. Click Finish.
  6. Expand Certificates – Current User > Personal.

Note: There may be a Certificate folder under the Personal folder. Ignore it for now.

  1. Right-click the Personal folder and select All Tasks > Request New Certificate.

  1. In the Certificate Request wizard click Next.

  1. In the Certificates Type select User.

Note: Depending on the groups your user account belongs to, you might also see other certificate types. Ignore them for now.

  1. In the Friendly name type a name for the certificate, for example “Daniel’s User Certificate” or similar.

Lamer note: Use your own name… duh…

Click Next.

  1. In the final page of the wizard click Finish. If all went well (and there is no reason why it won’t) you’ll get a confirmation message. Acknowledge it.


You now have a new Digital Certificate. You can view it by going to the Certificates – Current User > Personal > Certificates folder within the current MMC window. Double-click on the new certificate and inspect the information found in it.


Method #2 – By using a web browser

In this method a user will need to open his or her web browser and surf to a given URL – that in fact is the URL for the online CA.
In order to obtain a Digital Certificate by use of a a web browser please perform the following steps:

  1. Open an Internet browser such as Internet Explorer, Opera or Firefox.
  2. In the address bar type the following URL:

http://server_name/certsrv
where server_name is the FQDN or the IP of the server that is hosting the CA.

  1. In the Welcome screen click “Request a certificate”.

  1. In the “Request a certificate” screen click “User Certificate”.

  1. In the “User Certificate – Identifying Information” window, if a warning message appears telling you that there is a Potential Scripting Violation click Yes.


Click Submit.

  1. In the “Certificate Issued” window click on “Install this certificate”.

  1. When the “Certificate Installed” window screen close the browser window.

You now have a new Digital Certificate. You can view it by going to the Tools > Internet Options > Content tab within the current Internet Explorer window. Click on the Certificates button. Look for the new certificate in the Personal tab, double-click on it and inspect the information found within.

You can also choose to export your new certificate by selecting the certificate and pressing the Export button.

Related articles

You might also want to read the following related articles:

More from Daniel Petri

Microsoft's Blunder: Upgrade to Office 2016 and Lose Skype for Business

Windows 10 Ignoring the Hosts File for Specific Name Resolution

Resolving "Namespace is already defined' Group Policy Error in Windows 10

Petri Newsletters

Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.

More in Security

Security

How to Enable Windows 11 Config Lock on Secured-Core PCs

Dec 2, 2022 | Dean Ellerby

Network Security

Microsoft Defender Vulnerability Management Now Supports Firmware Assessments

Nov 29, 2022 | Rabia Noureen

Cloud Computing and Security

Microsoft Entra Workload Identities Service is Now Generally Available

Nov 29, 2022 | Rabia Noureen

Security

Microsoft Authenticator to Enable Number Matching Security Feature by Default in February 2023

Nov 21, 2022 | Rabia Noureen

Cloud Computing

Microsoft Defender for Endpoint Adds Network Protection on iOS and Android

Nov 11, 2022 | Rabia Noureen

Network Security

What is a Software-Defined Perimeter?

Nov 11, 2022 | Sukesh Mudrakola

Most popular on petri

Article saved!

Access saved content from your profile page. View Saved

Reach out

Learn More

Sitemap

Join The Conversation

Create a free account today to participate in forum conversations, comment on posts and more.

Copyright ©2019 BWW Media Group

Terms and Conditions of Use

 |

Privacy Policy