User Manual
Step 1: Getting a certificate
To allow TLS authentication, you need a valid client (user) certificate in the local
repository for the logged-in user’s account. You also need a trusted CA certificate in the
root store.
The following information provides two methods for getting a certificate;
● from a corporate certification authority implemented on a Windows 2000 Server
● using Internet Explorer’s certificate import wizard to import a certificate from a file
Getting a certificate from a Windows 2000 CA:
1. Start Internet Explorer and browse to the Certificate Authority HTTP Service (use a
URL such as
http://myCA.myDomain.com).
2. Logon to the CA with the name and password of the user account you created
(above) on the authentication server. The name and password do not have to be
the same as the Windows logon name and password of your current user.
3. On the Welcome page of the CA select Request a certificate task and submit the
form.
4. On the Choose Request Type page, select Advanced request, then click Next.
5. On the Advanced Certificate Requests page, select Submit a certificate request to
this CA using a form, then click Submit.
6. On the Advanced Certificate Request page choose the User certificate template.
Select "Mark keys as exportable", and click Next. Use the provided defaults
shown.
7. On the Certificate Issued page select Install this certificate.
Note: If this is the first certificate you have obtained, the CA will first ask you
if it should install a trusted CA certificate in the root store. The dialog will not
say this is a trusted CA certificate, but the name on the certificate shown will
be that of the host of the CA. Click yes, you need this certificate for both TLS
and TTLS.
8. If your certificate was successfully installed, you will see the message, "Your new
certificate has been successfully installed."
9. To verify the installation, click Internet Explorer > Tools > Internet Options >
Content > Certificates. The new certificate should be installed in "Personal"
folder.