Creating a client certificate

1. From any domain user account, open certlm.msc.

2. Click Certificates > Personal > Certificates > All Tasks > Request New Certificate.

3. Click Next.

4. Click Active Directory Enrollment > Client access.

   Note: Do the following if you do not want to use Active Directory Enrollment options:

   1. Click Configured by You > Add New.

   2. Enter the Enrollment Policy Server URI as CEP server address for either Username_Password or Kerberos Authentication.

   3. Select Authentication type as Windows Integrated.

   4. Click Validate Server.

   5. After successful validation, click Add.

   6. Click Next.

   7. Select any template.

5. Click Details > Properties.

6. Click Enroll.

7. In the Subject tab, provide a fully qualified domain name (FQDN).

8. In the Private Key tab, select Make private key exportable.

9. Click Apply > Enroll.

After enrolling the client certificate, do the following to export the client certificate in PFX format.

1. Click Certificate > All Tasks > Export.

2. Click Next > Yes, export the private key.

3. Click Next.

4. Type the password provided by the client.

5. Click Next.

6. Specify the file name in the Certificate Export dialog box.

7. Click Next > Finish.