http://blogs.technet.com/pki/archive/tags/certificate+requests/default.aspxTags: certificate requestsen-USCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.technet.com/pki/archive/2008/10/04/creating-offline-certificate-requests-through-the-user-interface-on-windows-vista-or-windows-server-2008.aspxSat, 04 Oct 2008 17:43:04 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3132238MS20650http://blogs.technet.com/pki/comments/3132238.aspxhttp://blogs.technet.com/pki/commentrss.aspx?PostID=3132238<p>Windows Vista and Windows Server 2008 have a convenient user interface to create custom certificate requests. <p>If you want to create a custom certificate request, perform the following steps: <ol> <li>Start the <strong>Certificates MMC</strong> snap-in and expand the <strong>Personal – Certificates</strong> container in the left pane. <li>Right click the <b>Certificates</b> container and chose <b>Create custom request</b> from the context menu.</li></ol> <p><a href="http://blogs.technet.com/blogfiles/pki/WindowsLiveWriter/e3e110e4aee8_DCD1/image_2.png"><img style="border-right-width: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px" title="Create custom request" border="0" alt="Create custom request" src="http://blogs.technet.com/blogfiles/pki/WindowsLiveWriter/e3e110e4aee8_DCD1/image_thumb.png" width="609" height="277"></a> </p> <ol start="3"> <li>Click <b>Next</b> to accept the welcome page of the wizard. <li>If you have Enterprise CA connectivity in your Active Directory forest, you can chose from a list of available certificate templates and create the request based on a specific certificate template. If you want to be independent of any certificate template, select <b>(No template) CNG key.</b> For more information on Cryptography Next Generation (CNG), see the documentation on <a href="http://msdn2.microsoft.com/en-us/library/aa376210.aspx">MSDN</a>. <li>Click <b>Next</b> to continue.</li></ol> <p><a href="http://blogs.technet.com/blogfiles/pki/WindowsLiveWriter/e3e110e4aee8_DCD1/image_4.png"><img style="border-right-width: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px" title="Custom request" border="0" alt="Custom request" src="http://blogs.technet.com/blogfiles/pki/WindowsLiveWriter/e3e110e4aee8_DCD1/image_thumb_1.png" width="610" height="450"></a> </p> <ol start="6"> <li>To customize your certificate request click the little arrow next to the word <b>Details</b> in the Certificate Enrollment page. <li>Click the <b>Properties</b> button.</li></ol> <p><a href="http://blogs.technet.com/blogfiles/pki/WindowsLiveWriter/e3e110e4aee8_DCD1/image_6.png"><img style="border-right-width: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px" title="Certificate information" border="0" alt="Certificate information" src="http://blogs.technet.com/blogfiles/pki/WindowsLiveWriter/e3e110e4aee8_DCD1/image_thumb_2.png" width="609" height="450"></a> </p> <ol start="8"> <li>Use the dialog tabs to define the certificate properties.</li></ol> <p><a href="http://blogs.technet.com/blogfiles/pki/WindowsLiveWriter/e3e110e4aee8_DCD1/image_8.png"><img style="border-right-width: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px" title="Certificate properties" border="0" alt="Certificate properties" src="http://blogs.technet.com/blogfiles/pki/WindowsLiveWriter/e3e110e4aee8_DCD1/image_thumb_3.png" width="524" height="519"></a> </p> <ol start="9"> <li>After defining all certificate attributes, click <b>OK</b> <li>Finally, specify a filename to save the offline certificate request and click <b>Finish</b>.</li></ol> <p><a href="http://blogs.technet.com/blogfiles/pki/WindowsLiveWriter/e3e110e4aee8_DCD1/image_10.png"><img style="border-right-width: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px" title="image" border="0" alt="image" src="http://blogs.technet.com/blogfiles/pki/WindowsLiveWriter/e3e110e4aee8_DCD1/image_thumb_4.png" width="610" height="450"></a> </p> <ol start="11"> <li>The pending certificate request appears in the <i>Certificate Enrollment Requests </i>container in the <i>Certificates</i> MMC snap-in until the offline request was accepted.</li></ol> <p><a href="http://blogs.technet.com/blogfiles/pki/WindowsLiveWriter/e3e110e4aee8_DCD1/image_12.png"><img style="border-right-width: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px" title="image" border="0" alt="image" src="http://blogs.technet.com/blogfiles/pki/WindowsLiveWriter/e3e110e4aee8_DCD1/image_thumb_5.png" width="610" height="331"></a> </p> <ol start="12"> <li>To verify the certificate request, double-click the pending request in the MMC snap-in. Alternatively use <b>certutil [mycert.req]</b> at a command-line where [mycert.req] is equal to the file that you saved in step 10. <li>To enroll for the certificate request, submit the request with <b>certreq –submit</b>. If no certificate template was selected in the wizard, it is required to specify one as command-line parameter. Also don’t forget the <i>–config</i> parameter to specify the name of the certification authority where you are enrolling from. The <em>certreq</em> command might look like the following example:</li></ol> <blockquote> <p><font size="2" face="Courier New">certreq –config "myCAserver\myCAname" –submit –attrib "CertificateTemplate:User" mycert.req</font></p></blockquote> <ol start="12"> <li>To install the certificate once it was enrolled, accept the certificate. This will also remove the pending certificate request from the <i>Certificate Enrollment Requests</i> container. Use <b>certutil –accept [certificatename.cer]</b> to accept the certificate request.</li></ol><img src="http://blogs.technet.com/aggbug.aspx?PostID=3132238" width="1" height="1">certificate requests