- Verify your system has the UW Services CA root installed.
- Log on to your Windows server as Administrator.
- Start the IIS Internet Services Manager.
- Display your web site properties.
- Select Directory Security > Server Certificate to run the Web Server Certificate Wizard.
- Select "Create a new certificate", click Next.
- Select "Prepare the request now, but send later", click Next.
- Type in any simple name (e.g. "MyExampleUWSCAcert") for the certificate, 1024 is a good bit length, click Next.
- Type in Organization = "UW", Organization Unit = "" (actual text doesn't matter), click Next.
- Type your full DNS name for the Common Name, to conform to our DN policy.
- Select US for Country, type in "Washington" for state, and "Seattle" for city, click Next.
- Save the certificate request to a file (e.g. c:\certreq.txt).
- Finish the IIS Certificate Wizard.
- Open the certificate request file (e.g. in Notepad).
- Select the contents and copy it to the clipboard.
- Start a web browser, go to the UW Service CA web site (https://iam-tools.u.washington.edu/cs/), log in with your UW NetID, and select "New UWCA certificate".
- Choose the PEM method as you walk thru the request process.
- Paste the contents of your certificate request file (e.g. c:\certreq) into the "CSR" text field and submit your request.
- Wait for email acknowledging that your certificate has been issued.
- Go back to the UW Service CA web site, select the number corresponding with your current request from the list of Favorites, and click "Get PEM" or "Get PKCS 7" from the details display to the right.
- Copy, paste, and save the PEM certificate into a new file (e.g. c:\certfile.txt).
- Return to the Web Server Certificate Wizard.
- Process the pending request to install the new certificate (e.g. c:\certfile.txt).
Beginning with Windows Vista and Server 2008, the UW Services CA's Active X request method no longer works. It was retired October 2016.
Certificate requests on Windows without using IIS