So you host a bunch of internal SharePoint sites, websites and other internal web applications. You want to secure them with SSL but you cannot afford a certificate from a third-party certificate authority right now. I am going to walk you through installing a new CA, requesting a certificate, approving the request and then installing the certificate.
Go to start and click on “Server Manager”
Click on “Add Roles”
Select “Certificate Services” and click next
I typically choose “Certification Authority” and “Certification Authority Web Enrollment” and click next
NOTE: I choose the web enrollment so I can request certificates and download them from the web browser.
I chose “Stand Alone” on the next screen
NOTE: You can choose “Enterprise” to integrate this CA with Active Directory. I chose not to in my setup.
This is the first Certificate Authority so choose “Root CA” then click next
Choose “Create new Private Key” then click next
Leave the default unless your needs require you to choose another type of security. Click next
Give your CA a name and click next
Set the validity period (this is the number of years for which your CA’s certificate is valid before it expires). I chose 10 years. Click next when you are done setting this
This next screen shows you where the certificate databases will be located. Click next
Now your Certificate Authority will be installed.
To Request a Certificate:
Go to your new Certificate Authority website and click on “Request a certificate”
NOTE: The CA website URL is: http://SERVERNAME/certsrv/
Choose Web Browser Certificate
If you are on Windows Vista or Windows 7 you may get the following error
To get past this error in Internet Explorer select Tools >> Internet Options >> Security, then choose the zone you need. For me this was Local intranet. Now select the “Custom Level…” button and look for “Initialize ActiveX unsafe for scripting”. You need to enable this.
Now close and reopen your browser
Now when you go to request a certificate you will not get the above error. You will get the below prompt. Click yes on it.
Now you will be able to fill out the information to submit a certificate request.
To approve the certificate request:
Log onto the CA server
Go to Start >> Programs >> Administrative Tools >> Certification Authority
Expand the CA and you will see pending requests
Right click on the pending certificate and select Issue
That is it. Now your certificate is ready to be used.
To install the approved certificate:
Go back to the certificate site (http://SERVERNAME/certsrv/) and click on “View the status of a pending certificate request”
On the next screen click on the certificate that you requested
Now click on “Install this certificate”.
That is it. Your new certificate should now be installed.
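The same request, approve and install cycle can also be run from the command line with certreq and certutil, which avoids changing the Internet Explorer ActiveX setting. This is an added example, not part of the original walkthrough: it requests a server authentication (SSL) certificate rather than a Web Browser Certificate, and the CA config string, subject name and file names are placeholders to replace with your own.

```powershell
# Added example. Placeholders (assumptions): CA config string, subject name, file names.
$ca = 'SERVERNAME\My-Root-CA'   # "<CA server>\<CA name you gave during setup>"

# --- On the web server (elevated prompt): build the request ---
# Single-quoted here-string so "$Windows NT$" is written literally.
@'
[Version]
Signature="$Windows NT$"

[NewRequest]
Subject = "CN=intranet.example.local"
KeyLength = 2048
KeySpec = 1
KeyUsage = 0xa0
Exportable = FALSE
MachineKeySet = TRUE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1
'@ | Set-Content -Encoding ASCII request.inf

# Generates the key pair in the machine store and writes the PKCS#10 request.
certreq -new request.inf request.req

# Submit; a stand-alone CA leaves the request pending and prints its RequestId.
$out = certreq -submit -config $ca request.req
$id  = ($out | Select-String 'RequestId:\s*(\d+)' |
        Select-Object -First 1).Matches[0].Groups[1].Value
"Pending request id: $id"

# --- On the CA server: issue the pending request (same as right click > Issue) ---
certutil -resubmit $id

# --- Back on the web server: trust the root, then fetch and install the certificate ---
certutil -config $ca -ca.cert rootca.cer      # download the CA's own certificate
certutil -addstore -f Root rootca.cer         # add it to Trusted Root Certification Authorities
certreq -retrieve -config $ca $id issued.cer  # fetch the issued certificate
certreq -accept issued.cer                    # bind it to the private key created above

# Confirm the certificate is in the machine store together with its private key.
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq 'CN=intranet.example.local' } |
    Select-Object Subject, Issuer, NotAfter, HasPrivateKey
```

Every client that browses to the site also needs the root CA certificate in its trusted root store, otherwise the browser will warn about an untrusted issuer.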
For more info about Certificate Services visit: