Re: sslstream and certificates

From: Jakob Nielsen (a_at_b.c)
Date: 05/26/05 

Date: Thu, 26 May 2005 18:39:54 +0200

> You need to install the private key into the CAPI keystore. If you have a
> p12 or pfx file with the certificate and private key, you can use that to
> import them into the key store.

I have a *.crt file and one called *.key

The keyfile starts with
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,48DCE18A11B80350

and the crt starts with
-----BEGIN CERTIFICATE-----

Perhaps someone can tell me if those are usable and how to import them. I
can install the crt file, but I can not specify the private key and it
doesnt seem to load it automatically simply because there is a key file at
same location.

> Windows doesn't let you read private keys directly off the file system
> like that. It wants to use the CAPI store. When you specify a
> certificate to use, it simply uses that as a key to look up that
> certificate in the CAPI store and find the associated private key.

Ok, that was my first mistake. I thought that by giving a filename, the
certificate would be loaded from there..

If the certificates, that I have, are invalid for my purpose then how can I
easily get a usable certificate?
Thanks for your response. Have been fighting with this for a while now :-/

Relevant Pages

  • Re: Suppressing security dialogs when app opens
    ... "Adding the above two keys to the install makes the runtime install ... I'm not comfortable altering the security mechanism of a machine without the user's knowledge ... ... Because a digital certificate you create yourself isn't issued by a formal certification authority, ... Microsoft Office will only trust a self-signed certificate on a computer that has the private key for that certificate ...
    (comp.databases.ms-access)
  • Re: Certificates on Floppy Disk?
    ... > give you the option to install this certificate which you want to do. ... > unselect enable strong protection as user will have to enter private key ... > personal folder for the computer store and select import and then browse ...
    (microsoft.public.windows.server.security)
  • RE: SIMple SSL question ??
    ... I believe your book is instructing you to keep the private key secure. ... you use the certificate request wizard in IIS to install the cert after it's ... the certificate that's just been installed. ... If an attacker retrievs the SSL certificate, ...
    (microsoft.public.dotnet.security)
  • RE: SIMple SSL question ??
    ... I believe your book is instructing you to keep the private key secure. ... you use the certificate request wizard in IIS to install the cert after it's ... the certificate that's just been installed. ... If an attacker retrievs the SSL certificate, ...
    (microsoft.public.dotnet.security)
  • RE: 3rd Party Certificate Pending Request not found
    ... This request may be canceled. ... After much trial and tribulation the 3rd party GoDaddy certificate started ... You are attempting to install a certificate that does not match the private ... If you have a backup of the private key, you can install the certificate via ...
    (microsoft.public.windows.server.sbs)