Re: Backup "pending request"?

From: Mark (mark_at_ReMoVeThIsBiTmossywell.com)
Date: 09/27/03

  • Next message: Egbert Nierop \(MVP for IIS\): "IGNORE THIS" 
    Date: Sat, 27 Sep 2003 08:51:35 +0100

    "Bernard" <qbernard@hotmail.com> wrote in message
    news:O4%237bXLhDHA.1008@TK2MSFTNGP12.phx.gbl...
    > Now - when you get the cert from CA.
    > it DOES contains both private and public key.
    > you have 2 - not 1.

    Really? According to
    http://www.thawte.com/html/SUPPORT/keygen/msiis5/msiis5.html, if you don't
    backup the private key and lose it, the cert issued by the CA is useless.
    This would imply that they only send you a private key. (It would also be a
    bit insecure sending out your private key be email!) If they sent you both
    keys, why would you have to worry about backing up the private key?

    >
    > so the same concept apply, if you have export
    > the cert 'correctly', it will contains 2 keys. and
    > you can use it and deploy at other server.
    >
    > if for some reason you lost it, you can always
    > ask the CA to reissue one with charges of coz.
    >
    > if you have the private keys, double click on
    > the cert, you will see a little note at the bottom
    > of the window - 'you have the associate private
    > keys.... bla bla'

    I've found that the cert only says this if you happen to import the cert on
    the same server that the private key is stored. If you import it to a
    separate server, the "you have the associated..." message isn't there. So,
    to me, it sounds like the CA only send out a public key? If you import this
    cert on a new server anyway, as I mentioned in an earlier post, it's useles
    anyway because it generates a SSL error.

    Given that this is so, I'm still not sure how to combine this with the CA to
    create a key pair that can be used by IIS, if the public and private keys
    are imported to a new server separately?

    Cheers
    Mark

    [snip]

  • Next message: Egbert Nierop \(MVP for IIS\): "IGNORE THIS"

    Relevant Pages

    • Re: Private & Public Key storage location
      ... When you got the server cert file, ... its end & send only the public key to the CA along with the other websites ... The CA never know the private key of the website. ...
      (microsoft.public.inetserver.iis.security)
    • Re: TIPS FOR THE NEWCOMER
      ... As long as the private key is readable by the ssh client when it comes ... When the ssh client connects to the server, ... private key which matches the public key. ...
      (SSH)
    • Re: Private & Public Key storage location
      ... client use the public key to ... corresponds to this certiticate' when you view the cert. ... it will has the private key as well. ... installed for your website, it will be sent to all the clients who connect ...
      (microsoft.public.inetserver.iis.security)
    • Re: applet file output
      ... Authentication is how the web server knows that ... > it is supposed to allow the applet to write the data. ... > has a distinct private key locally on their machine and the server has ... public key and hard code it into the applet. ...
      (comp.lang.java.programmer)
    • Re: How to exchange certificate ?
      ... certificate store (I own ONLY a public key). ... >contained in a certificate store AND having an associated private key. ... you can test any cert for an associated private key using: ...
      (microsoft.public.platformsdk.security)