I want to use certificates to authenticate both client and server for a new internal service.
Since all our servers already have the SBS (2011 Standard) server's Cert installed as a Trusted Root, getting it to issue the new certificates seems like the right way to go.
All the documentation seems to indicate I should browse to SbsServer/certsrv
but there's nothing at that address. I've tried adding all the Role Services through the ferature manager that seem like they may be relevant, but still nothing.
Do I need to use the web front-end to issue certificates? If so, how can I enable it? If not, is there a wizard I can use?
/certsrv is one of a few ways you can manually request certificates from a client. It's kind of the legacy way in Vista and newer. If you wanted to manually request a computer certificate on Vista/Win7:
The best way is to do it automatically through GPO. For computer certificate auto enroll:
On server you should have one or more MMC consoles for Certificate Services management, not sure if SBS2011 pulls those into it's mgmt GUI or not.