Generating a certificate in the certification authority

The instructions are provided for Microsoft Certification Authority deployed on Windows Server 2016.

We recommend using the Internet Explorer browser. Other browsers may display some Microsoft Certification Authority pages incorrectly.

To generate a PFX certificate with a private key:

1. Open the page of your certification authority in your browser: https://<server address>/certsrv.
2. Select Request a certificate.

   This opens the Request a Certificate page.

3. Select advanced certificate request.

   This opens the Advanced Certificate Request page.

4. Select Create and submit a request to this CA.

   This opens the Advanced Certificate Request page.

5. From the Certificate Template drop-down list, select the template with the Server Authentication extension.
6. In the Identifying Information For Offline Template group of settings, enter the information for your organization.

   The Name field is required.

7. In the Key Options group of settings:
   1. Select Create new key set.
   2. In the Key Size field, enter the value 4096.
   3. Select Automatic key container name.
   4. Select the Mark keys as exportable check box.
8. In the Additional Options group of settings, make sure that the Save request check box is cleared.
9. Click Submit.

   This opens the Certificate Issued page.

10. Select Install this certificate.

The certificate with a private key is generated and saved in the certificate store of your account.

Page top