Request a Certificate by Using a PKCS #10 or PKCS #7 File

Applies To: Windows 7, Windows Server 2008 R2

It is not always possible to submit a certificate request online to a certification authority (CA). In these instances, you might still be able to submit a certificate request in the form of a PKCS #7 or PKCS #10 file. In general, you use a PKCS #10 file to submit a request for a new certificate and a PKCS #7 file to submit a request to renew an existing certificate.

Users or local Administrators is the minimum group membership required to complete this procedure. Review the details in "Additional considerations" in this topic.

To request a certificate by using a PKCS #10 or PKCS #7 file

  1. Open a Web browser.

  2. Open https://*servername*/certsrv, where servername is the name of the Web server hosting the CA Web enrollment pages.

  3. Click Request a certificate, and then click Advanced certificate request.

  4. Click Submit a certificate request using a base-64-encoded CMC or PKCS #10 file or Submit a renewal request by using a base-64-encoded PKCS #7 file.

  5. In Notepad, click File, click Open, select the PKCS #10 or PKCS #7 file, click Edit, click Select all, click Edit, and then click Copy. On the Web page, click in the Saved request box. Click Edit, and then click Paste to paste the contents of the certificate request into the box.

  6. If you are connected to an enterprise CA, choose the certificate template that you want to use.

  7. If you have any attributes to add to the certificate request, enter them into Additional Attributes.

  8. Click Submit.

  9. Do one of the following:

    • If the Certificate Pending Web page appears, see Check on a Pending Certificate Request.

    • If the Certificate Issued Web page appears, click Download certificate chain. Save the file to your hard disk, and then import the certificate into your certificate store. For the procedure to import a certificate, see Import a Certificate.

Additional considerations

  • User certificates can be managed by the user or by an administrator. Certificates issued to a computer or service can only be managed by an administrator or user who has been given the appropriate permissions.

  • The Web server for the CA must be configured to use HTTPS authentication.

  • If you submit the request and immediately get a message asking you if you want to submit the request even though it does not contain a BEGIN or END tag, click OK.

Additional references