Académique Documents
Professionnel Documents
Culture Documents
Consumo medio combinado de 4,0 a 6,7 l/100 km. Emisiones de CO2 de 106 a 152 g/km.
Consulta condiciones en seat.es
When you install a Certi cate Authority (or CA) on a Windows Server
2008/R2/2012, it is usually for the purpose of issuing digital certi cates.
These are then used by users, computers, devices, and so on to
authenticate themselves, to prove their authenticity, and for other types
of communication that requires Public Key Infrastructure (PKI)
https://www.petri.com/enable-https-certificate-authority-web-enrollment-windows-server-2008-2012 1/11
16/1/2019 Enable HTTPS Certificate Authority for Web Enrollment
encryption. In today’s article I’ll walk you through how to enable HTTPS
on Certi cate Authority for Web Enrollment, how to create the
certi cate template, and more.
I will not go into more detail as to why and how you want to install this
CA just now (although that’s something that I will probably cover in a
later article). However, assuming you know a bit about Windows-based
CAs, there are basically four common methods of issuing these
certi cates:
You can perform the following tasks from the CA Web Enrollment
pages:
https://www.petri.com/enable-https-certificate-authority-web-enrollment-windows-server-2008-2012 2/11
16/1/2019 Enable HTTPS Certificate Authority for Web Enrollment
So, you’ve installed your CA, added the Web Enrollment role service, and
now you would like to request a certi cate or perform one of the tasks
described above.
Next, click on the type of certi cate you want to issue (in this case,
it’s a user certi cate).
The next thing you will see is an error reading, “In order to complete the
certi cate enrollment, the Web site for the CA must be con gured to
use HTTPS authentication.”
https://www.petri.com/enable-https-certificate-authority-web-enrollment-windows-server-2008-2012 3/11
16/1/2019 Enable HTTPS Certificate Authority for Web Enrollment
The reason for this error is that the CA Web Enrollment role service
pages require that you secure them with secure sockets layer (SSL) /
transport layer security (TLS). To resolve this issue, you must install an
appropriate certi cate on the web server hosting the CA Web
Enrollment pages. In addition, you must con gure the Site Bindings
for the website to add the HTTPS port 443 binding.
Before we begin, we need to make sure that the server hosting the Web
Enrollment service role and IIS can enroll and receive a digital certi cate
that is intended for the purpose of of “Server Authentication.” This
means that they must contain the Server Authentication object
identi er (OID): 1.3.6.1.5.5.7.3.1
Read my article, “Creating a Digital Certi cate Template for the Purpose
of Server Authentication in Windows Server 2008/R2/2012” for more
information about this.
Next, on the IIS server hosting the CA Web Enrollment pages, open
an MMC console by typing mmc and then pressing Enter.
From the list of available snap-ins, select Certi cates and then click
Add.
https://www.petri.com/enable-https-certificate-authority-web-enrollment-windows-server-2008-2012 4/11
16/1/2019 Enable HTTPS Certificate Authority for Web Enrollment
On the Select Certi cate Enrollment Policy page, ensure that Active
Directory Enrollment Policy is selected and then click Next.
You must make sure that the certi cate template you are about to
request contains the Server Authentication object identi er (OID):
1.3.6.1.5.5.7.3.1. Read my article, “Creating a Digital Certi cate Template
for the purpose of Server Authentication in Windows Server
2008/R2/2012,” for more information about this.
The Computer template does. You can verify this by clicking on the
Details arrow. Look at the Application Policies section and select it.
When the process is nished, you will have a brand new digital
certi cate.
Next, we need to enable IIS to use this certi cate and listen (bind) to the
right port (TCP 443) for HTTPS connectivity.
On the IIS server hosting the CA Web Enrollment pages, open the
Internet Information Services (IIS) Manager.
https://www.petri.com/enable-https-certificate-authority-web-enrollment-windows-server-2008-2012 5/11
16/1/2019 Enable HTTPS Certificate Authority for Web Enrollment
Note that our certi cate is listed. You can inspect it of you want to.
Expand the server and Sites nodes until you can see Default Web
Site. Click Default Web Site.
Set SSL certi cate to the certi cate that you issued to the server. If
you have more than one certi cate, you can con rm you have the
correct certi cate by clicking View.
https://www.petri.com/enable-https-certificate-authority-web-enrollment-windows-server-2008-2012 6/11
16/1/2019 Enable HTTPS Certificate Authority for Web Enrollment
This may also happen if you attempt to use just the host name part of
the server’s FQDN. Again, this is because it is not the name to which the
certi cate was issued.
Did you try to use the servers FQDN and got an error? Read my article,
“Solving the ‘This Web Browser Does Not Support the Generation of
Certi cate Requests’ Error,” for a solution.
MEMBER LOGIN:
Username/Email
Password
Keep me signed in
Forgot password?
https://www.petri.com/enable-https-certificate-authority-web-enrollment-windows-server-2008-2012 7/11
16/1/2019 Enable HTTPS Certificate Authority for Web Enrollment
Sign In
Don't have a login but want to join the conversation? Sign up for a Petri Account
Register
https://www.petri.com/enable-https-certificate-authority-web-enrollment-windows-server-2008-2012 8/11
16/1/2019 Enable HTTPS Certificate Authority for Web Enrollment
Daniel Petri is a world-known IT professional, technical trainer and creator of one of the world’s
largest IT knowledge bases – www.petri.com. Daniel consults to leading global Fortune 1000
companies in Microsoft IT Infrastructure and Engineering strategies.
For his contribution to the IT Pro community Daniel has received the Microsoft Most Valuable
Professional (MVP) award for the 14th time. Daniel’s professional certi cations include Microsoft
Certi ed Technology Specialist, Microsoft Certi ed Systems Engineer, Microsoft Certi ed System
Administrator and Microsoft Certi ed Trainer.
While working for Microsoft, Daniel serves as a Senior Premier Field Engineer (PFE) specializing
in Windows Server OS and Active Directory.
Daniel now works for ObserveIT, makers of the Insider Threat Detection software, where he
holds the role of Senior Solutions Architect, where he manages large deployment projects and
partner and customer training programs.
In his spare time, Daniel rides a 1200cc 2015 model Ducati Multistrada 1200S bike and manages
the Israeli Bikers forum.
https://www.petri.com/enable-https-certificate-authority-web-enrollment-windows-server-2008-2012 9/11
16/1/2019 Enable HTTPS Certificate Authority for Web Enrollment
Create a free account to interact with our community of IT Pros and stay informed on the
latest IT news.
Sign Up Now
https://www.petri.com/enable-https-certificate-authority-web-enrollment-windows-server-2008-2012 10/11
16/1/2019 Enable HTTPS Certificate Authority for Web Enrollment
https://www.petri.com/enable-https-certificate-authority-web-enrollment-windows-server-2008-2012 11/11