Historical Content Alert

This is a historical content for Windows NT 4.0 product and is presented for informative purposes only. All content in this directory is copyrighted and owned by Microsoft.

Creating and Submitting a Certificate Request

Certificate requests can be created and submitted through a variety of means such as HTML-based or file-based requests, depending on what kind of certificate is needed and who is requesting the certificate. The following is a simple example that illustrates the process of generating and submitting a certificate request.

To demonstrate the process of generating and submitting a certificate request, Microsoft® Internet Information Server (IIS) Key Manager and the CertReq program will be used to request a server certificate. Key Manager can be used to generate a certificate request file by creating a new key pair.

IIS must first install a Certificate Authority (CA) certificate according to the process described in Server Installation of CA Certificates. Then a server certificate can be obtained.

Note In this release, the Web Server Enrollment Page can also be used to submit the certificate request.

To create a certificate request file
  1. Start IIS Internet Server Manager

  2. Access the IIS virtual root.

  3. Run IIS Key Manager from the Internet Service Manager user interface. (There is a toolbar button for Key Manager in the Microsoft Management Console, for which Internet Service Manager is a snap-in.)

  4. Use Key Manager to generate a key pair and certificate request. The request file, NewKey.req, will be created in the root directory.

Run CertReq to submit the certificate request to Microsoft Certificate Server and obtain a certificate by entering the following:

certreq NewKey.req NewCert.crt

For more details of how to use CertReq see Requesting Certificates with CertReq.

If Certificate Server accepts the request submitted by CertReq, the certificate file, NewCert.crt, will be created. The certificate file can then be installed into IIS using Key Manager. Once installed, the server certificate will allow any client to perform server authentication when accessing the server (after the client installs a Certificate Authority (CA) root certificate and completes an enrollment process that installs a client certificate in their application). For more information, see Web Browser Certification.

Share this article: