Anyone.I am administering a network that was constructed by an outsourced company. We had a contract and that had ended. Unfortunately the CA server had to be rebuilt, and I cannot see how I can create a web page, whereby users will click on a link and it will ask to install a certificate. I'm not talking about the Certificate Web Enrollment as this has various option. I'm taking about a single page that has a certificate tied to it.Scenario:An external user logs on to OWA or our Portal site.IE7 says that the certificate is not valid (this is because we issue our own certificate)The user clicks on 'Continue to the website'They then have the red bar across the top and they log into the Portal. Upon entry to the Portal site, the user has the option to install a certificate 'For first time users please click 'HERE' to install the certificate for this website'This is obviously the certificate tied into the web listener on our ISA 2006 server and is a wild card cert.However, I am trying to find the web page that will allow external users to first log in and then goto the web page that has a 'Install Certificate' button (just like the internal web enrollments page) and then closes and goes back to the portal site.When the user logs in a second time they do not have the error as they have already downloaded the certificate.The problem I have at the moment is that the Certificate error occurs and you can view the cert, but it DOES NOT let you install it. That option is greyed out.I have seen this page a few years back so I know it exists. Just how do you find it and publish it?It is normally refered to as CertInstall instead of CertSrv. Forgive me if this is not in the correct Forum but I believe it does fit under general security issues.Tom.

Tom,Can't you just create a page that has a link to the certificate ".cer" file?The problem with the approach you describe is that by default the certificate will be installed into the users personal store. It sounds like you want users to install the certificate into the trusted store. Users will have to do some manual steps; or you should make sure that your cert chains up to an existing trusted root.Andrew

hi there,you can also follow a GPO procedure to deploy certificates to trusted root storewith GPO there is a way to deploy ce CAcertificateto client computers (e.g. computerconfig --> Windows --> Security --> Public Key -->Trusted ). Certificates are then deployed to the "Trusted Publishers" certificate store. sainath Windows Driver Development