How do I obtain a Digital Certificate from my Certificate Authority (CA)?
This article will describe the 2 most popular methods for obtaining a Digital Certificate from your online Certificate Authority (or CA). I will not elaborate on the reasons for doing so, and if you feel uncomfortable about these issues I suggest you take a look at the related articles at the bottom of this page.
As stated above, there are 2 easy methods for obtaining a Digital Certificate from your online CA.
Digital Certificates can be granted to users based upon their roles and group membership. For example, a regular user that wants to enroll for a certificate will only be allowed to enroll for a specific set of Digital Certificates, while another user that is a member of the Domain Admins group will be allowed to enroll for a different set of certificates that can be used for a variety of functions, including Recovery Agents, IPSec, SSL and so on.
User Digital Certificates are valid for different purposes, including:
- Allowing data on disk to be encrypted
- Protecting e-mail messages
- Proving the user’s identity to a remote computer
Method #1 – By using a custom MMC
In this method a user will need to open a custom MMC and enroll by use of the MMC GUI.
In order to obtain a Digital Certificate by use of a custom MMC please perform the following steps:
- Go to the Start menu > Run > type MMC and press Enter.
- In the MMC window, go to the File
menu and select Add/Remove Snap-In.
- In the Add/Remove Snap-In window press the Add button.
- Select Certificates from the available list of snap-ins and click Add.
- In the user attempting this action is a member of the Domain Admins or Administrative groups he or she will be presented with a Certificates Snap-In window, asking whether the certificate will be issued to the user account, the computer or a service running on the computer. We will choose My User Account. Click Finish.
- Expand Certificates – Current User > Personal.
Note: There may be a Certificate folder under the Personal folder. Ignore it for now.
- Right-click the Personal folder and select All Tasks > Request New Certificate.
- In the Certificate Request wizard click Next.
- In the Certificates Type select User.
Note: Depending on the groups your user account belongs to, you might also see other certificate types. Ignore them for now.
- In the Friendly name type a name for the certificate, for example “Daniel’s User Certificate” or similar.
Lamer note: Use your own name… duh…
- In the final page of the wizard click Finish. If all went well (and there is no reason why it won’t) you’ll get a confirmation message. Acknowledge it.
You now have a new Digital Certificate. You can view it by going to the Certificates – Current User > Personal > Certificates folder within the current MMC window. Double-click on the new certificate and inspect the information found in it.