We then click on the task "Request a certificate" (see above) which brings us to this page:
Select the second option.
At this point, I encountered the following error:
This can be caused by a number of factors:
- You simply do not have permissions to the template. In my case, I was connected with the default domain administrator account (test network).
- You used a Windows 2008 (v3) template when you duplicated the web server template. I made this mistake once but then duplicated the template a second time using the Windows 2003 option. This was discussed in more detail in my previous blog post.
- Others encountering the problem have suggested that we need to move NTLM above Negotiate under the Providers for Windows authentication. See "NTLM" 1 and 2 screenshots below.
- Yet others have suggested that the Application Pool Identity must be set to NetworkService. See the "Application Pool Identity" screenshot below.
NTLM 2 - where do I find Providers?
Application Pool Identity
We right-click on the certificate request, select "All Tasks" and then "Issue":
Once approved and issued, the certificate is moved to the "Issued Certificates" folder:
Now we can return to the web site where we submitted the request and view the status of our request. We click on the "View status (etc.)" link:
We can see the certificate request:
We select a location to save the file:
We browse to the downloaded certificate and provide a name for it (click Next or Finish as needed):
Now we have the second certificate in place:
All we need to do is to bind it to the default website:
Select the certificate we just downloaded for https (port 443):
Once we have finished we can close Site Bindings...
And then enable SSL on the CertSrv website:
Now clients are able to access the website and request certificates.
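
The binding and SSL steps above can also be scripted. The following PowerShell is an added example, not part of the original walkthrough; it assumes the IIS WebAdministration module, the default names "Default Web Site" and "CertSrv", and a hypothetical `-FriendlyName` parameter holding the name given to the certificate when it was imported.

```powershell
# Added example: assumes the WebAdministration module and the default AD CS
# web enrollment layout (site "Default Web Site", application "CertSrv").
param(
    [Parameter(Mandatory)] [string] $FriendlyName,  # hypothetical: name given to the certificate on import
    [string] $SiteName = 'Default Web Site',
    [string] $AppName  = 'CertSrv'
)
Import-Module WebAdministration

# Pick the certificate from the computer's Personal store; refuse to guess if ambiguous.
$cert = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.FriendlyName -eq $FriendlyName -and $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) })
if ($cert.Count -ne 1) {
    throw "Expected exactly one valid certificate named '$FriendlyName', found $($cert.Count)."
}

# Add the https binding on port 443 if the site does not have one yet.
if (-not (Get-WebBinding -Name $SiteName -Protocol https -Port 443)) {
    New-WebBinding -Name $SiteName -Protocol https -Port 443 -IPAddress '*'
}

# Attach the certificate to the binding, detaching any certificate bound before.
$binding = Get-WebBinding -Name $SiteName -Protocol https -Port 443
if ($binding.certificateHash) { $binding.RemoveSslCertificate() }
$binding.AddSslCertificate($cert[0].Thumbprint, 'My')

# Require SSL on the CertSrv application only, not on the whole site.
Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
    -Location "$SiteName/$AppName" `
    -Filter 'system.webServer/security/access' -Name 'sslFlags' -Value 'Ssl'

# Read both settings back so the result can be checked.
Get-WebBinding -Name $SiteName -Protocol https |
    Select-Object protocol, bindingInformation, certificateHash
Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
    -Location "$SiteName/$AppName" `
    -Filter 'system.webServer/security/access' -Name 'sslFlags'
```

Run it from an elevated PowerShell session on the server hosting the CertSrv application.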