A certificate request is a text file that contains information about you and your organization. After using the Certificate Management Tool to generate a certificate request, you can use the Microsoft® Certificate Server to generate certificates that fulfill the request contained in the request file.
At this time, the Certificate Management Tool works only with the Windows NT Certificate Server. Support by other certificate authorities is currently in progress.
To simplify keeping track of the certificate requests that you generate, you should store certificate requests in the shared folder that you specified when you installed the Microsoft Certificate Server.
For example, if you intend to use the generated certificate to digitally sign data, click Signature. If you intend to use the generated certificate to encrypt data, click Exchange.
If you want the certificate chain file to be imported only by the currently logged-on user, click Current User. If you want to allow anyone logged onto the current machine to import or export the certificate, click Machine.
If you are generating a request for a certificate that you intend to use under the Internet Information Server (IIS) service, the certificate must be a machine-based certificate. This requirement arises from the fact that IIS does not run under the current user’s security context. Certificates that you generate for use with the DigitalSig or DecryptPKCS components must be machine-based certificates because these components are executed under IIS and therefore use the machine context. This requirement does not apply to certificates submitted to you by your trading partners for use with the EncryptPKCS or VerifyDigitalSig components.
The Certificate Management Tool generates the request file (.crq) and saves it in the directory that you specified.
After generating a certificate request file, you can use the Microsoft Certificate Server to generate the certificate (.crt) and certificate chain (.chn) files that fulfill that request.