Generating a Certificate Request

A certificate request is a text file that contains information about you and your organization. After using the Certificate Management Tool to generate a certificate request, you can use the Microsoft® Certificate Server to generate certificates that fulfill the request contained in the request file.

Note

At this time, the Certificate Management Tool works only with the Windows NT Certificate Server. Support by other certificate authorities is currently in progress.

To generate a request file
  1. On the Start menu, point to Programs, point to Microsoft Site Server, point to Commerce, and then click Certificate Management to display the Certificate Management Tool.
  2. Click Create A Certificate Request.
  3. In the File name box, type the full path and file name for the new certificate request file (.crq).

    To simplify keeping track of the certificate requests that you generate, you should store certificate requests in the shared folder that you specified when you installed the Microsoft Certificate Server.

  4. Fill in the personal and business information in the appropriate text boxes.
  5. For Usage, click an option to specify how you will use the key stored in the certificate that you generate based on this request.

    For example, if you intend to use the generated certificate to digitally sign data, click Signature. If you intend to use the generated certificate to encrypt data, click Exchange.

  6. For Scope, specify the context in which the generated certificate can be used.

    If you want the certificate chain file to be imported only by the currently logged-on user, click Current User. If you want to allow anyone logged onto the current machine to import or export the certificate, click Machine.

    If you are generating a request for a certificate that you intend to use under the Internet Information Server (IIS) service, the certificate must be a machine-based certificate. This requirement arises from the fact that IIS does not run under the current user’s security context. Certificates that you generate for use with the DigitalSig or DecryptPKCS components must be machine-based certificates because these components are executed under IIS and therefore use the machine context. This requirement does not apply to certificates submitted to you by your trading partners for use with the EncryptPKCS or VerifyDigitalSig components.

  7. Click OK.

    The Certificate Management Tool generates the request file (.crq) and saves it in the directory that you specified.

After generating a certificate request file, you can use the Microsoft Certificate Server to generate the certificate (.crt) and certificate chain (.chn) files that fulfill that request.


© 1997-1998 Microsoft Corporation. All rights reserved.