Server Certificates

 

Applies To: Windows Server 2012 R2, Windows Server 2012

Use the Server Certificates feature page to view the names of certificates, the fully qualified domain names (FQDNs) of hosts to which certificates have been issued, and the FQDNs of the servers that issued the certificates.

UI Elements for Server Certificates

The following tables describe the UI elements that are available on the feature page and in the Actions pane.

Feature Page Elements

Element Name

Description

Name

Displays the names of certificates that have been issued to clients that are running on either Internet or intranet hosts.

Note

Certificates are not required to have names. You might have to view other columns to obtain information about certificates.

Issued To

Displays the FQDNs of either the Internet or intranet hosts to which certificates have been issued.

Issued By

Displays the FQDNs of servers that have issued certificates to clients that are running on either Internet or intranet hosts.

Expiration Date

Displays the date that the certificate expires.

Certificate Hash

Displays binary data produced by applying a hashing algorithm to the certificate. Although this data uniquely identifies a certificate, the certificate cannot be reconstructed from the hash data because hashing is a one-way process.

Certificate Store

Displays the name of the provider that stores the certificate.

Actions Pane Elements

Element Name

Description

Import

Opens the Import Certificate dialog box to restore a lost or damaged certificate that you previously backed up, or to install a certificate sent to you by another user or certification authority (CA).

Create Certificate Request

Opens the Request Certificate wizard to provide information about your organization to an external certification authority.

Complete Certificate Request

Opens the Complete Certificate Request dialog box to install the certificates that you receive from your certification authority.

Create Domain Certificate

Opens the Create Certificate wizard to provide information about your organization to an internal certification authority.

Create Self-Signed Certificate

Opens the Create Self-Signed Certificate dialog box to create certificates to use in server testing environments and for troubleshooting third-party certificates.

View

Opens the Certificate dialog box so that you can view details about a certificate. Select a certificate to see this option.

Export

Opens the Export Certificate dialog box to export certificates from a source server when you want to apply the same certificate to a target server, or when you want to back up a certificate and its associated private key. Select a certificate to see this option.

Remove

Removes the item that is selected from the list on the feature page. Select a certificate to see this option.

Import Certificate Dialog Box

Use the Import Certificate dialog box to restore a lost or damaged certificate that you previously backed up, or to install a certificate sent to you by another user or certification authority (CA).

Element Name

Description

Certificate file (.pfx)

Type a file name in the Certificate file (.pfx) box or click Browse to navigate to the name of a file where the exported certificate is stored.

Password

Type the password in the Password field, if the certificate was exported with a password.

Select Certificate Store

Displays the name of the provider that stores the certificate.

Allow this certificate to be exported

Select Allow this certificate to be exported if you want to be able to export the certificate, or clear Allow this certificate to be exported if you do not want to allow additional exports of this certificate.

Request Certificate Wizard

Use the Request Certificate wizard to request a certificate from a certification authority (CA).

Distinguished Name Properties Wizard Page

Use the Distinguished Name Properties dialog box to provide information about your organization to an internal or external certification authority.

Element Name

Description

Common name

Type a name for the certificate.

Organization

Type the name of the organization for which the certificate is used.

Organizational unit

Type the name of the department or division in the organization in which the certificate is used.

City/locality

Type the unabbreviated name of the city or locality where your organization or organizational unit is located.

State/province

Type the unabbreviated name of the state or province where your organization or organizational unit is located.

Country/region

Type the name of the country or region where your organization or organizational unit is located.

Cryptographic Service Provider Properties Wizard Page

Use the Cryptographic Service Provider Wizard page to select either Microsoft RSA SChannel Cryptographic Provider or Microsoft DH SChannel Cryptographic Provider to provide certificates that can encrypt transmissions between your server and clients. Additionally, you can adjust the level of security for your transmission by changing the bit length associated with the cryptographic service provider.

Element Name

Description

Cryptographic service provider

Select either Microsoft RSA SChannel Cryptographic Provider or Microsoft DH SChannel Cryptographic Provider. The default cryptographic service provider is Microsoft RSA SChannel Cryptographic Provider.

Note

Select Microsoft DH SChannel Cryptographic Provider when you must exchange a secret key over a network that is not secure and you have had no prior communication with the other party.

Bit length

Select a bit length that the provider you selected uses. By default, the RSA SChannel provider uses a bit length of 1024, and the DH SChannel provider uses a bit length of 512.

Note

A longer bit length increases the level of encryption. However, it can decrease performance because it requires the transmission of additional bits.

File Name Wizard Page

Use the File Name dialog box to name and then save your certificates to the appropriate storage location.

Element Name

Description

Specify a file name for certificate request

Type a file name in the Specify a file name for the certificate request field.

Navigate to a file name under which to store the certificate.

Complete Certificate Request Dialog Box

Use the Complete Certificate Request dialog box to install the certificates that you receive from your certification authority (CA). Additionally, provide a Friendly name for the certificate that you want to install to complete the certificate installation process.

Element Name

Description

File name containing certification authority's response

Type the path of the file that contains the response from the certification authority in the File name containing certification authority's response box, or click Browse to navigate to the location in which the file from the certification authority is stored.

Important

Complete this process to install a certificate on your server.

Friendly name

Type a name in the Friendly name box to complete the certificate installation process.

Select a certificate store for the new certificate

Select from a list of available certificate providers.

Create Certificate Wizard

Use the Create Certificate wizard to create a domain certificate. A domain certificate is an internal certificate that is not issued by an external certification authority (CA).

Distinguished Name Properties Wizard Page

Use the Distinguished Name Properties dialog box to provide information about your organization to an internal or external certification authority.

Element Name

Description

Common name

Type a name for the certificate.

Organization

Type the name of the organization for which the certificate is used.

Organizational unit

Type the name of the department or division in the organization in which the certificate is used.

City/locality

Type the unabbreviated name of the city or locality where your organization or organizational unit is located.

State/province

Type the unabbreviated name of the state or province where your organization or organizational unit is located.

Country/region

Type the name of the country or region where your organization or organizational unit is located.

Online Certification Authority Wizard Page

Use the Online Certification Authority Wizard page to identify an online certification authority (CA) server in your Windows domain. Additionally, supply a Friendly name for the CA server that you want to use to complete the Create Domain Certificate Wizard.

Element Name

Description

Specify Online Certification Authority

Type the path of a CA server that is in your Windows domain, or click Select to search for a CA server that is in your domain and display the Select Certification Authority dialog box.

Note

Domain certificates are not appropriate for use with external clients that are not members of your internal Windows domain.

Friendly name

In the Friendly name box, type a name for the CA server that you want to use. Entering this name completes the Create Domain Certificate Wizard.

Select Certification Authority Dialog Box

Use the Select Certification Authority dialog box to select the internal certification authority (CA) that you want to use.

Element Name

Description

Select a certification authority you want to use

Lists the friendly name of each CA and the fully qualified domain name (FQDN) of the computer that hosts it. Select the CA that you want to use.

Create Self-Signed Certificate Dialog Box

Use the Create Self-Signed Certificate dialog box to create certificates to use in server testing environments and for troubleshooting third-party certificates.

You can view the properties of your self-signed certificate on the Server Certificates Page.

Element Name

Description

Specify a friendly name for the certificate

Type a friendly name in the Name box to create a self-signed certificate.

Note

The certificates you create with this feature are not from a trusted certification authority (CA) source. Therefore, use self-signed certificates only to help secure data transmissions between your server and clients inside a test environment.

Export Certificate Dialog Box

Use the Export Certificate dialog box to export certificates from a source server when you want to apply the same certificate to a target server, or when you want to back up a certificate and its associated private key.

Note

If you associate a password with the certificate, whoever imports the certificate must know the password before the certificate can be applied to the target server.

Element Name

Description

Export to

Type a file name in the Export to box or click Browse to navigate to the name of a file in which to store the certificate for exporting.

Password

Type a password in the Password box if you want to associate a password with the exported certificate.

Confirm password

Retype the password in the Confirm password box and then click OK.

Renew an Existing Certificate Wizard

Use the Renew an Existing Certificate wizard to renew a certificate that is about to expire.

Important

You cannot renew a certificate that has already expired. If you try to renew a certificate that has expired, the certification authority (CA) rejects the request, and you will see an error message similar to "Error Verifying Request Signature or Signing Certificate. A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file." This message is also displayed in the Failed Requests node of the issuing CA. If your certificate has already expired, request a new certificate instead of renewing the existing certificate.

Element Name

Description

Renew an existing certificate

Select this option to renew an existing certificate from an internal certification authority (CA) on your domain.

Create a renewal certificate request

Select this option to package your renewal information for later submission to a CA.

Complete certificate renewal request

Select this option to complete the certificate renewal request with the certificate you received from a CA.
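
The following PowerShell function is an added example, not part of the original page or of Microsoft's own code. It reads the properties behind the feature page columns, recomputes the Certificate Hash, and flags certificates that are close to expiry, already expired (and so must be replaced rather than renewed), or below a key-size floor. The store path, the 30-day renewal window and the 2048-bit minimum are assumptions chosen for illustration.

```powershell
# Added example: audit the store that the Server Certificates page lists.
# Assumptions: the Personal store path, a 30-day renewal window, a 2048-bit floor.
function Get-ServerCertificateAudit {
    param(
        [string]$StorePath = 'Cert:\LocalMachine\My',
        [int]$RenewWindowDays = 30,
        [int]$MinKeyBits = 2048,
        [datetime]$Now = (Get-Date)
    )
    $sha1 = [System.Security.Cryptography.SHA1]::Create()
    try {
        foreach ($cert in Get-ChildItem -Path $StorePath) {
            # Certificate Hash column: SHA-1 digest of the DER-encoded certificate.
            $hash = -join ($sha1.ComputeHash($cert.RawData) | ForEach-Object { $_.ToString('X2') })

            # Key size is readable this way for RSA and DSA keys; other key
            # types (for example ECC) raise an error, so report them as unknown.
            $bits = $null
            try { $bits = $cert.PublicKey.Key.KeySize } catch { $bits = $null }

            # An expired certificate cannot be renewed, only replaced.
            $daysLeft = [int][math]::Floor(($cert.NotAfter - $Now).TotalDays)
            if ($cert.NotAfter -lt $Now) { $action = 'Expired: request a new certificate' }
            elseif ($daysLeft -le $RenewWindowDays) { $action = 'Renew before expiry' }
            else { $action = 'None' }

            [pscustomobject]@{
                Name            = $cert.FriendlyName
                IssuedTo        = $cert.Subject
                IssuedBy        = $cert.Issuer
                ExpirationDate  = $cert.NotAfter
                DaysLeft        = $daysLeft
                CertificateHash = $hash
                HashMatches     = ($hash -eq $cert.Thumbprint)
                KeyBits         = $bits
                WeakKey         = ($null -ne $bits -and $bits -lt $MinKeyBits)
                HasPrivateKey   = $cert.HasPrivateKey
                Action          = $action
            }
        }
    }
    finally { $sha1.Dispose() }
}

Get-ServerCertificateAudit | Sort-Object DaysLeft |
    Format-Table Name, IssuedTo, ExpirationDate, KeyBits, WeakKey, Action -AutoSize
```

Certificates created with the default bit lengths listed on the Cryptographic Service Provider Properties page (1024 for RSA, 512 for DH) fall below the assumed floor and are reported with WeakKey set to True.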