Autoenrollment Client Root Certificates

= Autoenrollment Client and CA Root Certificates =


 * Ensure there is a wired connection (or wireless connection with open security) between client and server.
 * Open internet explore and go on: http://192.168.0.98/certsrv/
 * Then key in your client ID,  Ex. 192.168.0.98\8021xuser, and password,  Ex. Radius01,to login the RADIUS server



Install Client Certificate

 * Select  Request a certificate 




 * Select  User Certificate 




 * Click on submit; then wait for the response from server






 * Select  install this certificate ; you might see the security warning message shown in the following figure. Select Yes to process the installation.






 * If certificate is installed properly you will see a message Certificate installed




 * After installing the client sertificate, you could export the client certificate to other client machines. The details about the exportation of client certificate is in the section of Exporting Client Certificate from Windows Certificate Store of a WinXP Client.

Install CA Root Certificate

 * Select  Download a CA certificate chain or CRL  on the home page of certificate service.




 * Select  Install this CA certificate chain. You might see the Potential Scripting Violation message comes up. Select Yes to proceed the installation.






 * If certificate is installed properly you will see a message The CA certificate has been successfully installed



Exporting Client Certificate from Windows Certificate Store of a WinXP Client

 * Open a Microsoft Internet Exploer Browser. Clieck on Tools menu, then select Internet Options.
 * Switch to Content tab then click on Certificate button.
 * Under Personal tab, select a client certificate you would like to export. Here we have  8021xuser  issued by Example CA. After selecting, click on Export button.




 * Click the Next button when the export wizard appears. Select  Yes, export the private key</b>. Then Next.




 * Select  Personal Information Exchange - PKCS#12(.pfx)</b> option and select option  Include all certificates in the certification path if possible</b> then Next.



 Note: the password you entered here is used for importing the certificate to other clients.</b>
 * Enter and confirm a password which will be used for the encryption of the exported private key and certificate.




 * Type a file name and choose a path where the certificate will be exposed to then click Next.




 * Click on Finish. If the export is successful, we will see a message  The export was successful.</b> Now your client certificate has mobility for you to import it on other devices, Ex. Android handset.