Installing the Certificate Enrollment Web Service

Applies To: Windows Server 2008 R2

This topic provides step-by-step procedures to install the Certificate Enrollment Web Service.

Important

Before beginning installation, review the requirements and configuration options for this role service in Setting Up Certificate Enrollment Web Services.

Enterprise Admins is the minimum group membership required to complete this procedure.

To install the Certificate Enrollment Web Service

  1. Open Server Manager.

  2. In the console tree, click Roles.

  3. If Active Directory Certificate Services is displayed on the Roles Summary page, click Add Role Services, and continue to the next step. If it is not displayed, complete the following steps before continuing:

    1. On the Roles Summary page, click Add Roles.

    2. On the Before You Begin page, click Next.

    3. On the Select Server Roles page, click Active Directory Certificate Services, and then click Next.

    4. Review the information on the Introduction to Active Directory Certificate Services page, and then click Next.

  4. On the Select Role Services page, select the Certificate Enrollment Web Service check box.

Note

The Certification Authority role service is automatically selected when the AD CS role is added, but it cannot be installed at the same time as the Certificate Enrollment Web Service. If you intend to install both the CA and the Certificate Enrollment Web Service, complete the CA installation first. See Setting Up Active Directory Certificate Services.

  1. Click Add Required Role Services when prompted to install required role services and features, and then click Next.

  2. To specify a CA, click either CA name or Computer name, and then click Browse. Select a CA or type a computer name, and then click OK.

  3. Select the Configure the Certificate Enrollment Web Service for renewal-only mode check box if you want to configure the Web service to accept only certificate renewal requests and reject enrollment requests for new certificates. See Configuring the Certificate Enrollment Web Service for Renewal Only Mode.

  4. Select the authentication type that the Certificate Enrollment Web Service will use to authenticate client requests, and then click Next.

  5. On the Specify Account Credentials page, click either Specify service account or Use built-in application pool identity. To specify a service account, click Select, type a domain account user name and password, and click OK. Click Next.

  6. Select an existing server certificate, click Import to import a certificate file or click Choose and assign a server certificate later, and then click Next. See Configuring Server Certificates for Certificate Enrollment Web Services for details.

  7. On the Introduction to Web Server (IIS) page, click Next.

  8. On the Select Role Services page, review the selected role services, and then click Next.

  9. Review the information on the Confirm Installation Selections page, and then click Install.

  10. Review the Installation Results page for messages. Additional tasks may be required to configure the Certificate Enrollment Web Service before users can submit requests.

Tip

For more information on configuration and post-configuration steps, see Certificate Enrollment Web Services in Active Directory Certificate Services.

Additional references