Generating a certificate in the certification authority
The instructions are provided for Microsoft Certification Authority deployed on Windows Server 2016.
We recommend using the Internet Explorer browser. Other browsers may display some Microsoft Certification Authority pages incorrectly.
To generate a PFX certificate with a private key:
Open the page of your certification authority in your browser: https://<server address>/certsrv.
Select Request a certificate.
This opens the Request a Certificate page.
Select advanced certificate request.
This opens the Advanced Certificate Request page.
Select Create and submit a request to this CA.
This opens the Advanced Certificate Request page.
In the Certificate Template drop-down list, select one of the following options:
Template with the Server Authentication extension if you want to use the certificate as a server certificate.
Template with the Client Authentication extension if you want to use the certificate as a client certificate.
Template with the Server Authentication and Client Authentication extensions if you want to use the certificate as a server certificate and a client certificate.
In the Identifying Information For Offline Template group of settings, enter the information for your organization.
The Name field is required.
In the Key Options group of settings:
Select Create new key set.
In the Key Size field, type 2048.
Select Automatic key container name.
Select the Mark keys as exportable check box.
In the Additional Options group of settings, make sure that the Save request check box is cleared.
Click Submit.
This opens the Certificate Issued page.
Select Install this certificate.
The certificate with a private key is generated and saved in the certificate store of your account.