Great to hear!

Awesome, thank you!

Thank You too.

(1)

Why you want to install certificate with IP? You can use subject alternative name (SAN) option in certificate to add IPs.

Thank you!

1. Distribute root CA certificate group policy or 2. Configure Group Policy to Auto-enroll and Deploy Certificates.

.cer format.

@@MSFTWebCast But windows server will pick only pfx cert only, right? and as you said in the process that will not create a private key, How do we get private key?

@@venkateshm6040 Hello, could you please provide more details about what you're trying to accomplish?

@@MSFTWebCast I want to place DIGICERT in Windows server, the cert need private key, how to generate a private key to import pfx cert?

You can follow this video to create certificate with Subject Alternative Names: kzbin.info/www/bejne/oaPHao2pf6iNbNU If you are using self-signed certificate than import the certificate into trusted root certification authorities certificate store. In case, you are using internal Certification authority then import CA certificate into trusted root certification authorities certificate store. This will fix the "Not Secure" error.

@@MSFTWebCast with Chrome it is not sufficient import CA certificate into trusted root, certificate should have SAN DNS name

I watched the other video, very useful and informative, however, after creating the SAN certificate, adding it to IIS, then on my dev win 10 machine, added the certificate to the trusted zone, nor chrome nor edge wants to accept it, still getting "Not secure" whereas certificates I have created in the past with XCA tool were accepted by chrome

@@eliassal1 Can you mail me the screenshot of certificate with names and the error as well. You can find my email address on about tab (Channel Page).

@@MSFTWebCast Email sent with screenshots

Please refer this video: kzbin.info/www/bejne/oaPHao2pf6iNbNU

No, it will perfectly fine with local network.

Why didn't your comment get upvotes?????

I used Internet Explorer to access the web enrollment interface of the Internal (Local) certificate authority, by using /certsrv Note: To access certificate web enrollment page, you must have installed the CA web enrollment service on your server.

You can generate the CSR from any server you like.

In this video, the web server is joined to the Active Directory domain.

Awesome, thank you!

Did you check for certsrv virtual directory in IIS manager? Does the physical directory under C:\Windows\System32\CertSrv\En-US exists? The simple solution is: Uninstall and reinstall the certification authority web enrollment role. Keep in mind only CA web enrollment service.

Were you ever able to figure this out?? It's not making sense

Open Certification Authority on your CA. Expand Local CA name and click on Pending Requests. Select the requested certificate and approve it.

Hi, this is the old video, I have started to add hard-coded subtitles in all the newer videos. Will try to add the subtitle in older videos too.

@@MSFTWebCast Thank you very much.

Can you tell me more about the missing steps, so I could include those while re-creating the video with windows 11.

Google Chrome requires SSL certificates to use Subject Alternative Name (SAN) instead of the popular Common Name (CN). So you have to use SAN certificate.

Why dont you export the certificate again with .cer format? Yes, there are ways to convert it using some SSL converter tool but I have never tried it.

@@MSFTWebCast each time my ad certificate server is giving in p7b form only and when I am completing the request using p7b on iis, it is not recognizing the key. Basically looking for pfx or cer. My organization has given me the url of ad certificate server, like you were generaing in the video. Your certificate is coming in .cer but mine is coming in p7b

Did you ever figure this out?