Windows PKI infrastructure and cert enrollment question
Hey everyone. Just a simple question I hope to have answered. I have been setting up a PKI infrastructure in a lab environment for testing purposes. The scope of our planned production PKI environment will be very robust, so I am testing things out as much as I can in the lab. My question is regarding enrolling servers once the PKI infrastructure is in place. For now, I just set up a mock PKI infrastructure with an online root (this is a lab). What I was curious about doing is enrolling/requesting certs to, say, web servers from the enterprise root CA. Meaning, how do I add a cert to a web server that will be internal to the company, so when a user browses to that web site, they are not prompted with the "there is a problem with this certificate" message. I set up the PKI, quickly created a fast web site for testing purposes, and now I am trying to figure out what is the proper way for certs to be requested/installed on internal servers so users are not prompted with the ugly message. I hope that makes sense.
Cheers, JW
Jason
May 21st, 2011 8:43pm

If you browse the webpage from a computer joined to the same domain as the Enterprise CA, you should not see that ugly message. Preventing that message is not based on how you request the cert but on whether the CA issuing the certificate is trusted by the client computer.
With kind regards, Krystian Zieja http://www.projectnenvision.com
May 21st, 2011 8:55pm

Ya, that's the issue. I created the CA and IIS server on a DC for testing purposes. However, when I navigate to https://localhost/CertSrv I am greeted with that lovely certificate message. Was trying to figure out how to make that go away. Something I am missing?
Jason
May 21st, 2011 9:57pm

You MUST connect to the server by its FQDN and not "localhost".
My weblog: http://en-us.sysadmins.lv
PowerShell PKI Module: http://pspki.codeplex.com
May 22nd, 2011 3:44am

Oh ya... that does make sense. Thank you.
Jason
May 22nd, 2011 2:25pm
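
The two causes of the warning raised in the replies above (a CA the client does not trust, and a URL host name that does not match the certificate) can be checked separately. The sketch below is an added example, not part of any post in this thread; the host names and the `diagnose` and `name_matches` helpers are constructed for illustration, and it goes slightly beyond the thread by also handling wildcard names.

```python
# Added example: why https://localhost warns while the FQDN does not.
# All host and certificate names below are constructed lab values.

def name_matches(hostname: str, pattern: str) -> bool:
    """RFC 6125-style match: case-insensitive, '*' only as the whole
    leftmost label, and it stands for exactly one label."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        # Conservative choice: require at least two labels after the
        # wildcard, so "*" or "*.example" match nothing.
        return len(pat) > 2 and host[1:] == pat[1:]
    return host == pat


def diagnose(url_host, cert_dns_names, issuer_trusted):
    """Return the reasons a browser would warn (empty list = no warning)."""
    reasons = []
    if not issuer_trusted:
        reasons.append("untrusted-issuer")
    if not any(name_matches(url_host, n) for n in cert_dns_names):
        reasons.append("name-mismatch")
    return reasons


# Constructed certificate: issued by the lab enterprise CA to the server's FQDN.
CERT_NAMES = ["dc01.lab.example"]

if __name__ == "__main__":
    cases = [
        ("localhost", True),          # domain-joined client, wrong name
        ("dc01.lab.example", True),   # domain-joined client, FQDN
        ("dc01.lab.example", False),  # client that does not trust the CA
    ]
    for host, trusted in cases:
        result = diagnose(host, CERT_NAMES, trusted) or "ok"
        print(f"{host:20} trusted_ca={trusted!s:5} -> {result}")
```
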

This topic is archived. No further replies will be accepted.
