# Requesting a Web Server Certificate

Requesting a new certificate varies depending on your company policies. This document describes how to request a new web certificate if using an Active Directory Enrollment Policy.

To request a web server certificate:

1. Open the local machine certificate snap-in by entering the command: **certlm.msc**.
2. Expand the Personal folder and right-click the Certificates folder. In the context menu, select **All Tasks** - **Request New Certificate...**\
   ![](https://109907496-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FYUaU4nvWOjjzrdVpKtdy%2Fuploads%2FuCtcryAKIuDlGvEX6noo%2FCerts-RequestNewCertificate.jpg?alt=media\&token=8ef11066-00dd-43ff-9996-1ccc1334c90b)
3. In the "Certificate Enrollment" wizard, at the "Before You Begin" screen, click **Next**.
4. At the "Select Certificate Enrollment Policy" screen, select **Active Directory Enrollment Policy** and then click **Next**.&#x20;
5. At the "Request Certificates" screen, select the web server certificate template, and click the link **More information is required to enroll for this certificate. Click here to configure settings.**&#x20;
6. At the "Certificates Properties" screen, in the "Alternative name" section, use the Type drop-down and select **DNS**. In the Value field, enter the FQDN of the StifleR server in which the certificate will be installed. You can also add additional values for DNS (CNAME) Aliases. Click **OK** to save the settings.\
   ![](https://109907496-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FYUaU4nvWOjjzrdVpKtdy%2Fuploads%2FfdoQ8VPzOy3CsIk09w5i%2FCerts-AddingSAN.jpg?alt=media\&token=c0c22626-cf72-42dc-8118-b5386a0e88fc)
7. Once complete, click **Enroll** and then click **Finish** to close the wizard.&#x20;
8. You should see the certificate in the certificates store. **Double-click** the certificate and click the **Details** tab.&#x20;
9. Scroll down and select the **Subject Alternative Name** field, in the value box, you should see the DNS Name you entered earlier.&#x20;
10. Select the **Thumbprint** field. In the value box, you should see the certificate thumbprint. This can be copied by using the hotkeys **CTRL-C**. It is important to capture this value to add to the StifleR Config file when implementing HTTPS in StifleR. \
    ![](https://109907496-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FYUaU4nvWOjjzrdVpKtdy%2Fuploads%2FOw3lzWP9Bf7KAyj4jllE%2FCerts-PropertiesThumbprint.jpg?alt=media\&token=e510de29-e505-40cd-a9c1-a56c5732e596)