If you’ve seen certificates in Windows Server 2008 r2, this guide should help. g.Enter mmc.From the File menu, select Add / Remove Snap-in. In the left pane, click Certificates, and then click Add.Select Computer Account, then tap Next.Select Local Computer and click Finish.Click OK.

 

 

g.

Objective

certificates in windows server 2008 r2

These pages describe how to obtain certificates in Windows 2008 without using IIS Manager. The instructions were viewed using Windows 2008 Server R2. The version of certmgr.msc shipped with Windows 2003 is different and these instructions do not apply.

Instructions

Generate new private key and certificate completion request (CSR)

  1. Log in as an administrator.
  2. Open my certificate manager console (click> first find programs and files> certmgr.msc). Your
  3. Open your local computer certificates (click File> Add / Remove Snap-in …> Certificates> Computer> Next Account> Local Computer> Finish).
  4. Select Certificates (Local> Computer) Personal> Certificates.
  5. Highlighting personal certificates for the logOn your local computer, click Action> All Tasks> Advanced Operations> Create Custom Query. The Certificate Registration Wizard will open.
  6. In the Certificate Enrollment Wizard:
    1. Read the current Before You Begin screen and just click Next.
    2. If you selected a TV recording policy under Custom Request, select Get Recording Policy and click Next.
    3. On our custom request screen
      1. Settings for submitting “(No Template) Inherited Key” in the dropdown menu and do not check the “Remove Traditional Extensions” checkbox.
      2. Select PKCS # 10 as the request format.
      3. Click Next.
    4. On the Certificate Enrollment screen, click Details, then click Properties. The Properties dialog box for your certificate will open.
      1. On the General tab, General tab, also enter a description for the certificate.
      2. On the Object tab
        1. Choose Common Name from the Type menu, enter your fully qualified DNS name as the value, and click Add>.
        2. Choose “Organization” from the “Type “, enter” University of Washington from to get the value, and click Add>.
        3. Under State, select the Type menu, enter WA as the value, and click Add > “.
        4. Choose your country from the Type menu, enter US and click Add>.
        5. Optionally, select Type from the Type menu, enter an email address for values, then click Add> .Email.
        6. Optionally add values ​​for the theme alias if you need these elements.
      3. On the Extensions tab
        1. expand Key Usage and add Digital Signature as a result of your selections and options, make sure “All of these key uses are critical”.
        2. Expand “Public Key Usage (Application Policy)” and add time for “Server Authentication” and “Client Authentication” for the selected options and check if there are any “Extended Use of Critical” Key become.
      4. On the Private Key tab
        1. expand Cryptographic Provider and select Cryptographic ProviderMicrosoft Strong Physical Services (Signature) Provider “Microsoft RSA SChannel Crytographic (Encryption)”.
        2. Expand the key options and select the Key Size drop-down menu in s “2048”.
        3. If you need to export the certificate and use it on another host, select “Make the private key exportable.” This is a little more important if you have a set of servers or are using a new one. Typically the Central Certificate Store option is available with IIS8.
    5. Click OK.
    6. Click Next in the certificate information film.
      1. Enter a name for your CSR (e.g. certname.req).
      2. Select “Base 64” as the file format.
      3. Click Finish.

Submit the CSR and get the certificate normally

  1. Submit to UW Certificate Services csr at https://iam-tools.u.washington.edu/cs/
    1. Select New InCommon Certificate if you have there is an SSL certificate for the web server or other device.