How do I obtain a Digital Certificate from my Certificate Authority (CA)?

「爱情、让人受尽委屈。」 2021-12-17 15:41 178阅读 0赞

This article will describe the 2 most popular methods for obtaining a Digital Certificate from your online Certificate Authority (or CA). I will not elaborate on the reasons for doing so, and if you feel uncomfortable about these issues I suggest you take a look at the related articles at the bottom of this page.

[**Get Real-Time Insight Into Your Exchange Server’s Health**][Get Real-Time Insight Into Your Exchange Server_s Health] [![126.gif][]][Get Real-Time Insight Into Your Exchange Server_s Health]

SolarWinds **FREE Exchange Monitor** continuously monitors Microsoft® Exchange.  
  
Exchange Monitor Delivers real-time insight into Exchange services, mail queue sizes, and host server health. Ensure this mission-critical app never fails.

[Get the Free Download Here!][Get Real-Time Insight Into Your Exchange Server_s Health]

As stated above, there are 2 easy methods for obtaining a Digital Certificate from your online CA.

Digital Certificates can be granted to users based upon their roles and group membership. For example, a regular user that wants to enroll for a certificate will only be allowed to enroll for a specific set of Digital Certificates, while another user that is a member of the Domain Admins group will be allowed to enroll for a different set of certificates that can be used for a variety of functions, including Recovery Agents, IPSec, SSL and so on.

User Digital Certificates are valid for different purposes, including:

*  Allowing data on disk to be encrypted
 *  Protecting e-mail messages
 *  Proving the user's identity to a remote computer

### Method \#1 - By using a custom MMC ###

In this method a user will need to open a custom MMC and enroll by use of the MMC GUI.

In order to obtain a Digital Certificate by use of a custom MMC please perform the following steps:

1.  Go to the Start menu > Run > type MMC and press Enter.
2.  In the MMC window, go to the File menu and select Add/Remove Snap-In.
3.  In the Add/Remove Snap-In window press the Add button.
4.  Select Certificates from the available list of snap-ins and click Add.
5.  In the user attempting this action is a member of the Domain Admins or Administrative groups he or she will be presented with a Certificates Snap-In window, asking whether the certificate will be issued to the user account, the computer or a service running on the computer. We will choose My User Account. Click Finish.
6.  Expand Certificates - Current User > Personal.

**Note:** There may be a Certificate folder under the Personal folder. Ignore it for now.

1.  Right-click the Personal folder and select All Tasks > Request New Certificate.

[![req_cert_mmc_small.gif][]][req_cert_mmc_small.gif 1]

1.  In the Certificate Request wizard click Next.

[![req_cert_mmc1_small.gif][]][req_cert_mmc1_small.gif 1]

1.  In the Certificates Type select User.

**Note:** Depending on the groups your user account belongs to, you might also see other certificate types. Ignore them for now.

[![req_cert_mmc2_small.gif][]][req_cert_mmc2_small.gif 1]

1.  In the Friendly name type a name for the certificate, for example "Daniel's User Certificate" or similar.

**Lamer note:** Use your own name... duh...

[![req_cert_mmc3_small.gif][]][req_cert_mmc3_small.gif 1]

Click Next.

1.  In the final page of the wizard click Finish. If all went well (and there is no reason why it won't) you'll get a confirmation message. Acknowledge it.

[![req_cert_mmc4_small.gif][]][req_cert_mmc4_small.gif 1] [![req_cert_mmc5_small.gif][]][req_cert_mmc5_small.gif 1]

You now have a new Digital Certificate. You can view it by going to the Certificates - Current User > Personal > Certificates folder within the current MMC window. Double-click on the new certificate and inspect the information found in it.

[![req_cert_mmc6_small.gif][]][req_cert_mmc6_small.gif 1]

[ ][Link 1]

### Method \#2 - By using a web browser ###

In this method a user will need to open his or her web browser and surf to a given URL - that in fact is the URL for the online CA.

In order to obtain a Digital Certificate by use of a a web browser please perform the following steps:

1.  Open an Internet browser such as Internet Explorer, Opera or Firefox.
2.  In the address bar type the following URL:

http://*server\_name*/certsrv

where *server\_name* is the FQDN or the IP of the server that is hosting the CA.

1.  In the Welcome screen click "Request a certificate".

[![req_cert_ie_small.gif][]][req_cert_ie_small.gif 1]

1.  In the "Request a certificate" screen click "User Certificate".

[![req_cert_ie1_small.gif][]][req_cert_ie1_small.gif 1]

1.  In the "User Certificate - Identifying Information" window, if a warning message appears telling you that there is a Potential Scripting Violation click Yes.

[![req_cert_ie2_small.gif][]][req_cert_ie2_small.gif 1] [![req_cert_ie3_small.gif][]][req_cert_ie3_small.gif 1]

Click Submit.

[![req_cert_ie4_small.gif][]][req_cert_ie4_small.gif 1]

1.  In the "Certificate Issued" window click on "Install this certificate".

[![req_cert_ie5_small.gif][]][req_cert_ie5_small.gif 1] [![req_cert_ie6_small.gif][]][req_cert_ie6_small.gif 1]

1.  When the "Certificate Installed" window screen close the browser window.

You now have a new Digital Certificate. You can view it by going to the Tools > Internet Options > Content tab within the current Internet Explorer window. Click on the Certificates button. Look for the new certificate in the Personal tab, double-click on it and inspect the information found within.

[![req_cert_ie7_small.gif][]][req_cert_ie7_small.gif 1] [![req_cert_ie8_small.gif][]][req_cert_ie8_small.gif 1]

You can also choose to export your new certificate by selecting the certificate and pressing the Export button.

[![req_cert_ie9_small.gif][]][req_cert_ie9_small.gif 1] [![req_cert_ie10_small.gif][]][req_cert_ie10_small.gif 1] [![req_cert_ie11_small.gif][]][req_cert_ie11_small.gif 1] [![req_cert_ie12_small.gif][]][req_cert_ie12_small.gif 1] [![req_cert_ie13_small.gif][]][req_cert_ie13_small.gif 1]

### Related articles ###

转载于:https://www.cnblogs.com/kungfupanda/archive/2011/12/31/2268946.html

[Get Real-Time Insight Into Your Exchange Server_s Health]: http://www.petri.co.il/uri/?id=126&host=www.solarwinds.com
[126.gif]: https://www.cnblogs.com/media/126.gif
[req_cert_mmc_small.gif]: /images/20211217/fb0ead9bbaa4446684a1b4e6b1200bda.png
[req_cert_mmc_small.gif 1]: http://images.cnblogs.com/req_cert_mmc.gif
[req_cert_mmc1_small.gif]: /images/20211217/45c486a029644420aab0519b102b7f71.png
[req_cert_mmc1_small.gif 1]: http://images.cnblogs.com/req_cert_mmc1.gif
[req_cert_mmc2_small.gif]: /images/20211217/f73ed8db2bf94b4591a26ee6ca714568.png
[req_cert_mmc2_small.gif 1]: http://images.cnblogs.com/req_cert_mmc2.gif
[req_cert_mmc3_small.gif]: /images/20211217/c7298f42d9e94562819d19dd57a1eed4.png
[req_cert_mmc3_small.gif 1]: http://images.cnblogs.com/req_cert_mmc3.gif
[req_cert_mmc4_small.gif]: https://images.cnblogs.com/req_cert_mmc4_small.gif
[req_cert_mmc4_small.gif 1]: http://images.cnblogs.com/req_cert_mmc4.gif
[req_cert_mmc5_small.gif]: /images/20211217/683c29c5c4e547eca2e31b1259afe728.png
[req_cert_mmc5_small.gif 1]: http://images.cnblogs.com/req_cert_mmc5.gif
[req_cert_mmc6_small.gif]: /images/20211217/5f7be5a9f6794725bfea8dc5fdf3cc84.png
[req_cert_mmc6_small.gif 1]: http://images.cnblogs.com/req_cert_mmc6.gif
[Link 1]: http://www.cnblogs.com/uri/?id=2133&host=technet.microsoft.com
[req_cert_ie_small.gif]: /images/20211217/3164d718616e4f84ad6fda73f8f00a6f.png
[req_cert_ie_small.gif 1]: http://images.cnblogs.com/req_cert_ie.gif
[req_cert_ie1_small.gif]: /images/20211217/2734326a5d8245498d18537988615d72.png
[req_cert_ie1_small.gif 1]: http://images.cnblogs.com/req_cert_ie1.gif
[req_cert_ie2_small.gif]: https://images.cnblogs.com/req_cert_ie2_small.gif
[req_cert_ie2_small.gif 1]: http://images.cnblogs.com/req_cert_ie2.gif
[req_cert_ie3_small.gif]: /images/20211217/dabee77ad319479da27b5ff5dc794f1e.png
[req_cert_ie3_small.gif 1]: http://images.cnblogs.com/req_cert_ie3.gif
[req_cert_ie4_small.gif]: /images/20211217/41a6175ea89d4945ad0591df503d8141.png
[req_cert_ie4_small.gif 1]: http://images.cnblogs.com/req_cert_ie4.gif
[req_cert_ie5_small.gif]: https://images.cnblogs.com/req_cert_ie5_small.gif
[req_cert_ie5_small.gif 1]: http://images.cnblogs.com/req_cert_ie5.gif
[req_cert_ie6_small.gif]: /images/20211217/5f9bef2d94c24ea6a77c790f58984479.png
[req_cert_ie6_small.gif 1]: http://images.cnblogs.com/req_cert_ie6.gif
[req_cert_ie7_small.gif]: https://images.cnblogs.com/req_cert_ie7_small.gif
[req_cert_ie7_small.gif 1]: http://images.cnblogs.com/req_cert_ie7.gif
[req_cert_ie8_small.gif]: /images/20211217/0bd371923e874143879f5a7aff64ae4d.png
[req_cert_ie8_small.gif 1]: http://images.cnblogs.com/req_cert_ie8.gif
[req_cert_ie9_small.gif]: https://images.cnblogs.com/req_cert_ie9_small.gif
[req_cert_ie9_small.gif 1]: http://images.cnblogs.com/req_cert_ie9.gif
[req_cert_ie10_small.gif]: https://images.cnblogs.com/req_cert_ie10_small.gif
[req_cert_ie10_small.gif 1]: http://images.cnblogs.com/req_cert_ie10.gif
[req_cert_ie11_small.gif]: https://images.cnblogs.com/req_cert_ie11_small.gif
[req_cert_ie11_small.gif 1]: http://images.cnblogs.com/req_cert_ie11.gif
[req_cert_ie12_small.gif]: https://images.cnblogs.com/req_cert_ie12_small.gif
[req_cert_ie12_small.gif 1]: http://images.cnblogs.com/req_cert_ie12.gif
[req_cert_ie13_small.gif]: /images/20211217/ac5df5c2e117478398acc0fafb8f2f9f.png
[req_cert_ie13_small.gif 1]: http://images.cnblogs.com/req_cert_ie13.gif