The most common way that I see administrators interface with the certificates on their systems is through the MMC snap-in tool. MMC is short for Microsoft Management Console, and by using MMC, you can administer just about anything in the operating system. Though this is perhaps a greatly underutilized tool, I only generally see it being opened for a few select tasks. Requesting certificates is one of those tasks.
We are going to use the MMC console on a new server that we have in our network. There is a new certificate template that has been created, and we would like to issue one of these certificates to our new web server.
A Server 2016 Enterprise Root CA server is online and running in our network. On it, we have configured a new certificate template called IPsec Certificate
. The steps have been taken to publish this template so that it may be requested from computers in our network. We are now working from a brand new web server that is also running Server 2016 and joined to our domain, where we are going to accomplish the work of manually requesting a certificate from the CA server.
Follow these steps to request a new certificate using the MMC console:
mmc
. Then press Enter. Alternatively, you could open MMC from the Start screen.
CERTMGR.MSC
opens user certificatesCERTLM.MSC
opens computer certificates
Personal
folder. You can see that there are currently no certificates installed here.Personal
folder and navigate to All Tasks | Request New Certificate….
Utilizing the MMC console is a quick and easy way to request new certificates to be issued manually. In an Active Directory environment, any certificate template on the CA server that you have permissions to enroll will be visible and easy to enroll. Our example today displayed the enrollment process for a machine certificate that we are planning to use in the future for IPsec authentication. However, there are many cases where you may want to issue user-level certificates, rather than computer certificates. In those cases, you would want to snap-in the User account certificates, where in our example, we defined computer account certificates.
18.191.162.21