Generating Certificates with Microsoft Certificate Server

Microsoft® Certificate Server is included with the Windows NT 4.0 Option Pack, however, it is not installed as part of the Typical option in setup. To install Certificate Server, run the Windows NT 4.0 Option Pack Setup. If you have already installed the Option Pack, click the Add/Remove button (which enables you to add a component to the existing installation), select the Certificate Server check box, and then proceed with setup. If you have not yet installed the Option Pack, click the Custom button during setup, select the Certificate Server check box, and then proceed with setup.

The Certificate Server is a command-line executable file (installed by default in the \WINNT\System32\ directory) that runs as a Windows NT service. Generating a certificate involves running the CertReq application (certreq.exe) while the Certificate Server service is running.

To generate a certificate from a request file
  1. On the Start menu, point to Programs, and then click Command Prompt.
  2. Change to the directory in which your certificate requests are saved.
  3. At the command prompt , make sure that the Certificate Server service is running by typing:
    net start certsvc
    
  4. At the command prompt, type the following command. For filename, substitute the name of the certificate request file (.crq) that you generated using the Certificate Management Tool (see Generating a Certificate Request):
    certreq filename.crq filename.crt filename.chn
    

The CertReq application generates a certificate (.crt) file and a certificate chain (.chn) file, based on the request. The .crt file contains only the certificate, while the .chn file contains the certificate plus the certificate for the issuing authority. The Certificate Management Tool requires a certificate chain file (.chn), but because the .crt is a required parameter, a .crt file is generated as well.

Related Topics


© 1997-1998 Microsoft Corporation. All rights reserved.