Server Certificates
Applies To: Windows Server 2012 R2, Windows Server 2012
Use the Server Certificates feature page to view the names of certificates, the fully qualified domain names (FQDNs) of hosts to which certificates have been issued, and the FQDNs of the servers that issued the certificates.
UI Elements for Server Certificates
The following tables describe the UI elements that are available on the feature page and in the Actions pane.
Feature Page Elements
Element Name | Description
---|---
Name | Displays the names of certificates that have been issued to clients that are running on either Internet or intranet hosts.
Issued To | Displays the FQDNs of either the Internet or intranet hosts to which certificates have been issued.
Issued By | Displays the FQDNs of servers that have issued certificates to clients that are running on either Internet or intranet hosts.
Expiration Date | Displays the date that the certificate expires.
Certificate Hash | Displays binary data produced by using a hashing algorithm. Although this data uniquely identifies a certificate, the hash data cannot be used to trace a certificate because hashing is a one-way process.
Certificate Store | Displays the name of the provider that stores the certificate.
Actions Pane Elements
Element Name | Description
---|---
Import | Opens the Import Certificate dialog box to restore a lost or damaged certificate that you previously backed up, or to install a certificate sent to you by another user or certification authority (CA).
Create Certificate Request | Opens the Request Certificate wizard to provide information about your organization to an external certification authority.
Complete Certificate Request | Opens the Complete Certificate Request dialog box to install the certificates that you receive from your certification authority.
Create Domain Certificate | Opens the Create Certificate wizard to provide information about your organization to an internal certification authority.
Create Self-Signed Certificate | Opens the Create Self-Signed Certificate dialog box to create certificates to use in server testing environments and for troubleshooting third-party certificates.
View | Opens the Certificate dialog box so that you can view details about a certificate. Select a certificate to see this option.
Export | Opens the Export Certificate dialog box to export certificates from a source server when you want to apply the same certificate to a target server, or when you want to back up a certificate and its associated private key. Select a certificate to see this option.
Remove | Removes the item that is selected from the list on the feature page. Select a certificate to see this option.
Import Certificate Dialog Box
Use the Import Certificate dialog box to restore a lost or damaged certificate that you previously backed up, or to install a certificate sent to you by another user or certification authority (CA).
Element Name | Description
---|---
Certificate file (.pfx) | Type a file name in the Certificate file (.pfx) box or click Browse to navigate to the name of a file where the exported certificate is stored.
Password | Type the password in the Password field, if the certificate was exported with a password.
Select Certificate Store | Displays the name of the provider that stores the certificate.
Allow this certificate to be exported | Select Allow this certificate to be exported if you want to be able to export the certificate, or clear Allow this certificate to be exported if you do not want to allow additional exports of this certificate.
Request Certificate Wizard
Use the Request Certificate wizard to request a certificate from a certification authority (CA).
Distinguished Name Properties Wizard Page
Use the Distinguished Name Properties dialog box to provide information about your organization to an internal or external certification authority.
Element Name | Description
---|---
Common name | Type a name for the certificate.
Organization | Type the name of the organization for which the certificate is used.
Organizational unit | Type the name of the department or division in the organization in which the certificate is used.
City/locality | Type the unabbreviated name of the city or locality where your organization or organizational unit is located.
State/province | Type the unabbreviated name of the state or province where your organization or organizational unit is located.
Country/region | Type the name of the country or region where your organization or organizational unit is located.
Cryptographic Service Provider Properties Wizard Page
Use the Cryptographic Service Provider Wizard page to select either Microsoft RSA SChannel Cryptographic Provider or Microsoft DH SChannel Cryptographic Provider to provide certificates that can encrypt transmissions between your server and clients. Additionally, you can adjust the level of security for your transmission by changing the bit length associated with the cryptographic service provider.
Element Name | Description
---|---
Cryptographic service provider | Select either Microsoft RSA SChannel Cryptographic Provider or Microsoft DH SChannel Cryptographic Provider. The default cryptographic service provider is Microsoft RSA SChannel Cryptographic Provider.
Bit length | Select a bit length that the provider you selected uses. By default, the RSA SChannel provider uses a bit length of 1024, and the DH SChannel provider uses a bit length of 512. Note: A longer bit length increases the level of encryption. However, it can decrease performance because it requires the transmission of additional bits.
File Name Wizard Page
Use the File Name dialog box to name and then save your certificates to the appropriate storage location.
Element Name | Description
---|---
Specify a file name for certificate request | Type a file name in the Specify a file name for the certificate request field.
… | Navigate to a file name under which to store the certificate.
Complete Certificate Request Dialog Box
Use the Complete Certificate Request dialog box to install the certificates that you receive from your certification authority (CA). Additionally, provide a Friendly name for the certificate that you want to install to complete the certificate installation process.
Element Name | Description
---|---
File name containing certification authority's response | Type the path of the file that contains the response from the certification authority in the File name containing certification authority's response box, or click Browse to navigate to the location in which the file from the certification authority is stored.
Friendly name | Type a name in the Friendly name box to complete the certificate installation process.
Select a certificate store for the new certificate | Select from a list of available certificate providers.
Create Certificate Wizard
Use the Create Certificate wizard to create a domain certificate. A domain certificate is an internal certificate that is not issued by an external certification authority (CA).
Distinguished Name Properties Wizard Page
Use the Distinguished Name Properties dialog box to provide information about your organization to an internal or external certification authority.
Element Name | Description
---|---
Common name | Type a name for the certificate.
Organization | Type the name of the organization for which the certificate is used.
Organizational unit | Type the name of the department or division in the organization in which the certificate is used.
City/locality | Type the unabbreviated name of the city or locality where your organization or organizational unit is located.
State/province | Type the unabbreviated name of the state or province where your organization or organizational unit is located.
Country/region | Type the name of the country or region where your organization or organizational unit is located.
Online Certification Authority Wizard Page
Use the Online Certification Authority Wizard page to identify an online certification authority (CA) server in your Windows domain. Additionally, supply the CA server that you want to use with a Friendly name to complete the Create Domain Certificate Wizard.
Element Name | Description
---|---
Specify Online Certification Authority | Type the path of a CA server that is in your Windows domain, or click Select to search for a CA server that is in your domain and display the Select Certification Authority dialog box.
Friendly name | Type a name for the CA server that you want to use in the Friendly name box to complete the Create Domain Certificate Wizard.
Select Certification Authority Dialog Box
Use the Select Certification Authority dialog box to select the internal certification authority (CA) that you want to use.
Element Name | Description
---|---
Select a certification authority you want to use | Lists the friendly name of each CA and the fully qualified domain name (FQDN) of the computer that hosts the CA. Select the CA that you want to use.
Create Self-Signed Certificate Dialog Box
Use the Create Self-Signed Certificate dialog box to create certificates to use in server testing environments and for troubleshooting third-party certificates.
You can view the properties of your self-signed certificate on the Server Certificates Page.
Element Name | Description
---|---
Specify a friendly name for the certificate | Type a friendly name in the Name box to create a self-signed certificate.
Export Certificate Dialog Box
Use the Export Certificate dialog box to export certificates from a source server when you want to apply the same certificate to a target server, or when you want to back up a certificate and its associated private key.
Note
If you associate a password with the certificate, whoever imports the certificate must know the password before the certificate can be applied to the target server.
Element Name | Description
---|---
Export to | Type a file name in the Export to box or click Browse to navigate to the name of a file in which to store the certificate for exporting.
Password | Type a password in the Password box if you want to associate a password with the exported certificate.
Confirm password | Retype the password in the Confirm password box and then click OK.
Renew an Existing Certificate Wizard
Use the Renew an Existing Certificate wizard to renew a certificate that is about to expire.
Important
You cannot renew a certificate that has already expired. If you try to renew a certificate that has expired, the certification authority (CA) rejects the request, and you will see an error message similar to "Error Verifying Request Signature or Signing Certificate. A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file." This message is also displayed in the Failed Requests node of the issuing CA. If your certificate has already expired, request a new certificate instead of renewing the existing certificate.
Element Name | Description
---|---
Renew an existing certificate | Select this option to renew an existing certificate from an internal certification authority (CA) on your domain.
Create a renewal certificate request | Select this option to package your renewal information for later submission to a CA.
Complete certificate renewal request | Select this option to complete the certificate renewal request with the certificate you received from a CA.
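The bit-length defaults on the Cryptographic Service Provider page and the rule that an expired certificate cannot be renewed can both be checked from PowerShell. The script below is an added example, not part of the original documentation: it lists the same columns as the feature page and flags certificates that need attention. The function name `Get-ServerCertificateAudit`, the store path `Cert:\LocalMachine\My`, the 30-day renewal window and the 2048-bit minimum are assumptions chosen for illustration.

```powershell
# Added example, not Microsoft's code. The store path and both thresholds
# are assumptions chosen for illustration; adjust them to your policy.
function Get-ServerCertificateAudit {
    param(
        [string]$StorePath   = 'Cert:\LocalMachine\My',  # assumed store
        [int]   $RenewWithin = 30,    # days before expiry to start renewal
        [int]   $MinKeyBits  = 2048   # smallest RSA/DSA key accepted
    )
    $now = Get-Date
    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # PublicKey.Key only wraps RSA and DSA keys and throws for other
        # algorithms, so the key size stays $null (unknown) in that case.
        $bits = $null
        try { $bits = $cert.PublicKey.Key.KeySize } catch { }

        $daysLeft = [math]::Floor(($cert.NotAfter - $now).TotalDays)
        $findings = @()
        if ($daysLeft -lt 0) {
            # An expired certificate cannot be renewed, only replaced.
            $findings += 'EXPIRED: request a new certificate'
        } elseif ($daysLeft -le $RenewWithin) {
            $findings += "Renew now: $daysLeft day(s) left"
        }
        if ($bits -and $bits -lt $MinKeyBits) {
            $findings += "Weak key: $bits bits"
        }
        if ($cert.Subject -eq $cert.Issuer) {
            # Heuristic: subject equals issuer. Expected only on test servers.
            $findings += 'Self-signed'
        }
        if (-not $cert.HasPrivateKey) {
            $findings += 'No private key present'
        }
        [pscustomobject]@{
            Name            = $cert.FriendlyName
            IssuedTo        = $cert.GetNameInfo('SimpleName', $false)
            IssuedBy        = $cert.GetNameInfo('SimpleName', $true)
            ExpirationDate  = $cert.NotAfter
            CertificateHash = $cert.Thumbprint
            KeyBits         = $bits
            Findings        = $findings -join '; '
        }
    }
}

# Show only the certificates that need attention.
Get-ServerCertificateAudit | Where-Object { $_.Findings } | Format-List
```

A certificate created with the default 1024-bit RSA setting appears with a "Weak key" finding; run the script on a schedule so that renewals start before the expiration date rather than after it.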