Stand-alone certification authority: installation on Windows Server

Generating a certificate

The generation of a certificate with an autonomous CA takes place in several steps:

  • Generation of the request (Certificate Signing Request).
  • Submissions of the application to AC.
  • Generation of the answer.
  • Finalization of the request to obtain the certificate.

Generation of the CSR

There are several ways to generate a CSR, in this tutorial we will do it under IIS.

1. Open an IIS console and click Server Certificates 1 .

IIS Console

2. On the Actions menu, click Create Certificate Request 1 .

Create a request

3. Complete the certificate information 1 and click Next 2 .

Certificate information

The common name is the URL of the certificate.

4. Configure the 1 encryption then click Next 2 .

Certificate encryption

5. Enter the request save location (CSR) 1 and click Finish 2 .

Save location of csr

The CSR is now generated, if you have done it on an IIS server other than the CA, you must copy the file to it.

Soumissions de la demande à AC

1. From the Authority Administration Console, right-click on the authority 1 , All Tasks 2 and click on Submit a new request 3 .

Submit request

2. Select the request file (CSR) 1 and click on Open 2 .

Text file CSR

3. Go to the Pending Request file 1 to see the pending certificate 2 .

Pending request

Deliver the certificate

1. Right click on request 1 and click on All tasks 2 / Deliver 3 .

Deliver the certificate

2. Go to Certificates issued 1 and double-click on certificate 2 .


3. Go to the Details tab 1 and click on the button Copy to a file 2 .


4. When launching the wizard, click Next 1 .


5. Select export format 1 then click Next 2 .

Export format

6. Enter the location and file name 1 and click the Next 2 button.

file name and location

7. Click Finish 1 to close the wizard.

Start export

8. Verify that the certificate is exported.


Finalizing the request to obtain the certificate

1. Go to the IIS / Certificates console where the request was made and click Finish Certificate Request … 1 .

Console IIS

2. Select the certificate generated by CA 1 , enter a name 2 and click OK 3 .

Clôture demande

3. The certificate is available 1 .

Certificat genere

It is now possible to export the certificate with its private key