[section_title title=Getting the Certificate and the Certificate Chain]

There are always multiple ways to get the Certification Authority (CA) certificate and the CA Certificate Chain but I will explain only two ways. Once you have the certificates using one of the following methods continue on to the next step for the actual installation of these certificates.

1. Use Firefox

In this case the Microsoft Active Directory Certification Services website does not complain about the server update requirement so you can get to the certificate download page but when you click on the actual certificate install link Firefox will try to install the certificate in it’s own security framework instead of passing it on to Windows. To get around this you have to right click on the link and click “Save Link As…” to save the certificate on the hard disk for import later.

2. Use These Links

If you don’t have Firefox installed then your other option is to use the following links, which I have extracted from the Certification Services website. Just replace SERVER_NAME_AND_PATH with the name of your server and any extra path, and paste it in Internet Explorer (IE). IE will prompt you to save the certificate.

The URLs are set for Base 64 encoding, if you need DER encoding then replace b64 with bin.

Certificate Chain URL
http:///certsrv/certnew.p7b?ReqID=CACert&Renewal=0&Enc=b64

Certificate URL
http:///certsrv/certnew.cer?ReqID=CACert&Renewal=0&Mode=inst&Enc=b64

Update: To be complete I have posted the URLs to both, the certificate and the certificate chain. Since there is only one level in this specific scenario, I believe that importing either of the above will accomplish the goal.