Creating an SSL Cert using windows certificate services

[RabbieBurns]

We have a number of devices that use a https web interface for management. They have their own certificate, but this is untrusted.

I'm looking to use active directory certificate services to create a cert that I can install onto these devices, but not sure where to begin.

Can someone point me to the right HOW-To or such please?

[SYNACK]

Use the webserver to create a CSR: IIS SSL Certificate CSR Creation - Microsoft IIS 7

go to the certservices website of your cert services machine /certsrv I think and then submit the request text, this will give you a file to download which you then apply to the requesting server which has the other half. Once it is made you can export it and its public key from the certificates snapin in MMC to use on other servers/firewalls etc.

[RabbieBurns]

My ADSC is running on a DC. When I try to add the Web component roles, it says about adding a user to a local IIS group. But I cannot access the local accounts as it is a DC?

[Arthur]

SelfSSL might be worth a try?

blog.samkendall.net/2011/10/13/creating-a-self-signed-certificate-on-windows-server-20082008-r2-without-iis/

[SYNACK]

My ADSC is running on a DC. When I try to add the Web component roles, it says about adding a user to a local IIS group. But I cannot access the local accounts as it is a DC?

Yes, perhaps selfssl as below, they don't like you running Cert services on a DC as it makes it impossible to migrate (or at least it used to).