Re: Backup "pending request"?
From: Mark (mark_at_ReMoVeThIsBiTmossywell.com)
Date: Sat, 27 Sep 2003 08:51:35 +0100
"Bernard" <firstname.lastname@example.org> wrote in message
> Now - when you get the cert from CA.
> it DOES contain both private and public key.
> you have 2 - not 1.
Really? According to
http://www.thawte.com/html/SUPPORT/keygen/msiis5/msiis5.html, if you don't
backup the private key and lose it, the cert issued by the CA is useless.
This would imply that they only send you a private key. (It would also be a
bit insecure sending out your private key by email!) If they sent you both
keys, why would you have to worry about backing up the private key?
> so the same concept applies, if you have exported
> the cert 'correctly', it will contain 2 keys. and
> you can use it and deploy at other server.
> if for some reason you lost it, you can always
> ask the CA to reissue one with charges of coz.
> if you have the private keys, double click on
> the cert, you will see a little note at the bottom
> of the window - 'you have the associate private
> keys.... bla bla'
I've found that the cert only says this if you happen to import the cert on
the same server that the private key is stored. If you import it to a
separate server, the "you have the associated..." message isn't there. So,
to me, it sounds like the CA only sends out a public key? If you import this
cert on a new server anyway, as I mentioned in an earlier post, it's useless
anyway because it generates a SSL error.
Given that this is so, I'm still not sure how to combine this with the CA to
create a key pair that can be used by IIS, if the public and private keys
are imported to a new server separately?
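
An added example, not part of the original post: a PowerShell sketch that checks whether a certificate in the local machine store has its private key attached, then moves certificate and key together to another server as a password-protected PFX file. It assumes a current Windows Server with the PKI module (`Export-PfxCertificate`, `Import-PfxCertificate`); the thumbprint, file path and function names are placeholders chosen for illustration.

```powershell
# Added example. Thumbprint and path are placeholders, not values from the thread.
$Thumbprint = '<CERT-THUMBPRINT-PLACEHOLDER>'
$PfxPath    = 'C:\temp\site-cert.pfx'          # hypothetical path

function Get-CertKeyStatus {
    # HasPrivateKey is True only where the key generated with the request is present.
    Get-ChildItem -Path Cert:\LocalMachine\My |
        Select-Object Subject, Thumbprint, NotAfter, HasPrivateKey
}

function Export-CertWithKey {
    param(
        [Parameter(Mandatory)] [string]$Thumbprint,
        [Parameter(Mandatory)] [string]$Path,
        [Parameter(Mandatory)] [securestring]$Password
    )
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint"
    if (-not $cert.HasPrivateKey) {
        throw "No private key for $Thumbprint on this machine; run the export on the server that created the request."
    }
    # Fails if the key was marked non-exportable when it was created.
    Export-PfxCertificate -Cert $cert -FilePath $Path -Password $Password | Out-Null
}

function Import-CertWithKey {
    param(
        [Parameter(Mandatory)] [string]$Path,
        [Parameter(Mandatory)] [securestring]$Password
    )
    $imported = Import-PfxCertificate -FilePath $Path -Password $Password `
        -CertStoreLocation Cert:\LocalMachine\My
    if (-not $imported.HasPrivateKey) {
        throw "Imported certificate has no private key; the file was not a full PFX export."
    }
    $imported | Select-Object Subject, Thumbprint, HasPrivateKey
}

# On the original server:
#   Get-CertKeyStatus
#   $pw = Read-Host -AsSecureString -Prompt 'PFX password'
#   Export-CertWithKey -Thumbprint $Thumbprint -Path $PfxPath -Password $pw
# On the new server, after copying the file over a trusted channel:
#   Import-CertWithKey -Path $PfxPath -Password $pw
#   Remove-Item $PfxPath     # do not leave the key file lying around
```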