How do I obtain a Digital Certificate from my Certificate Authority (CA)?-蒲公英云

How do I obtain a Digital Certificate from my Certificate Authority (CA)?

This article will describe the 2 most popular methods for obtaining a Digital Certificate from your online Certificate Authority (or CA). I will not elaborate on the reasons for doing so, and if you feel uncomfortable about these issues I suggest you take a look at the related articles at the bottom of this page.

Get Real-Time Insight Into Your Exchange Server’s Health

SolarWinds FREE Exchange Monitor continuously monitors Microsoft® Exchange.

Exchange Monitor Delivers real-time insight into Exchange services, mail queue sizes, and host server health. Ensure this mission-critical app never fails.

Get the Free Download Here!

As stated above, there are 2 easy methods for obtaining a Digital Certificate from your online CA.

Digital Certificates can be granted to users based upon their roles and group membership. For example, a regular user that wants to enroll for a certificate will only be allowed to enroll for a specific set of Digital Certificates, while another user that is a member of the Domain Admins group will be allowed to enroll for a different set of certificates that can be used for a variety of functions, including Recovery Agents, IPSec, SSL and so on.

User Digital Certificates are valid for different purposes, including:

Allowing data on disk to be encrypted
Protecting e-mail messages
Proving the user’s identity to a remote computer

Method #1 - By using a custom MMC

In this method a user will need to open a custom MMC and enroll by use of the MMC GUI.

In order to obtain a Digital Certificate by use of a custom MMC please perform the following steps:

Go to the Start menu > Run > type MMC and press Enter.
In the MMC window, go to the File menu and select Add/Remove Snap-In.
In the Add/Remove Snap-In window press the Add button.
Select Certificates from the available list of snap-ins and click Add.
In the user attempting this action is a member of the Domain Admins or Administrative groups he or she will be presented with a Certificates Snap-In window, asking whether the certificate will be issued to the user account, the computer or a service running on the computer. We will choose My User Account. Click Finish.
Expand Certificates - Current User > Personal.

Note: There may be a Certificate folder under the Personal folder. Ignore it for now.

Right-click the Personal folder and select All Tasks > Request New Certificate.

In the Certificate Request wizard click Next.

In the Certificates Type select User.

Note: Depending on the groups your user account belongs to, you might also see other certificate types. Ignore them for now.

In the Friendly name type a name for the certificate, for example “Daniel’s User Certificate” or similar.

Lamer note: Use your own name… duh…

Click Next.

In the final page of the wizard click Finish. If all went well (and there is no reason why it won’t) you’ll get a confirmation message. Acknowledge it.

You now have a new Digital Certificate. You can view it by going to the Certificates - Current User > Personal > Certificates folder within the current MMC window. Double-click on the new certificate and inspect the information found in it.

Method #2 - By using a web browser

In this method a user will need to open his or her web browser and surf to a given URL - that in fact is the URL for the online CA.

In order to obtain a Digital Certificate by use of a a web browser please perform the following steps:

Open an Internet browser such as Internet Explorer, Opera or Firefox.
In the address bar type the following URL:

http://*server\_name*/certsrv

where server_name is the FQDN or the IP of the server that is hosting the CA.

In the Welcome screen click “Request a certificate”.

In the “Request a certificate” screen click “User Certificate”.

In the “User Certificate - Identifying Information” window, if a warning message appears telling you that there is a Potential Scripting Violation click Yes.

Click Submit.

In the “Certificate Issued” window click on “Install this certificate”.

When the “Certificate Installed” window screen close the browser window.

You now have a new Digital Certificate. You can view it by going to the Tools > Internet Options > Content tab within the current Internet Explorer window. Click on the Certificates button. Look for the new certificate in the Personal tab, double-click on it and inspect the information found within.