By default, every certification authority that is hosted on a server running Windows 2000 has Web pages available for users and administrators to perform a variety of tasks related to requesting certificates. These Web pages are located at http://servername/certsrv, where servername is the name of the Windows 2000 server that hosts the certification authority. The certsrv portion of the URL should always be in lower case letters; otherwise, users may have trouble checking and retrieving pending certificates. Users can access these Web pages using Microsoft Internet Explorer version 4.0 and greater, or Netscape Navigator version 3.01 and greater.
The Web pages are the only way for users to request certificates from stand-alone certification authorities. They are optional for users who want to request certificates from enterprise certification authorities. For more information about certification authorities, see Certificates and certification authorities.
If you have been granted access permissions, you can perform the following tasks from these Web pages:
- Request a basic certificate. See To submit a user certificate request via the Web.
- Request a certificate with advanced options. See To submit an advanced certificate request via the Web.
This gives you greater control over the certificate request. Some of the user-selectable options available in an advanced certificate request include:
  - Cryptographic service provider (CSP) options. The name of the cryptographic service provider, the key size (512, 1024, and so on), the hash algorithm (SHA/RSA, SHA/DSA, MD2, MD5) and the key spec (exchange or signature).
  - Key generation options. Create a new key set or use an existing key set, mark the keys as exportable, enable strong key protection, and use the local computer store to generate the key.
  - Additional options. Save the request to a PKCS #10 file or add any specific attributes you want to the certificate.
Netscape clients cannot use the advanced option Web pages.
- Check on a pending certificate request.
If you have submitted a certificate request to a stand-alone certification authority, you will need to check the status of the pending request to see if the certification authority has issued the certificate. If the certificate has been issued, it will be available for you to install.
- Retrieve the certification authority's certificate to place in your trusted root store. See To retrieve a certification authority certificate.
- Retrieve the current certificate revocation list. See To retrieve a certificate revocation list.
- Submit a certificate request using a PKCS #10 file or a PKCS #7 file. See To request a certificate using a PKCS #10 or PKCS #7 file.
- (For administrators only) Request a certificate for a smart card on behalf of another user. See To set up a smart card for user logon.