Re: Backup "pending request"?

From: Mark (
Date: 09/27/03

  • Next message: Egbert Nierop \(MVP for IIS\): "IGNORE THIS"
    Date: Sat, 27 Sep 2003 08:51:35 +0100

    "Bernard" <> wrote in message
    > Now - when you get the cert from CA.
    > it DOES contains both private and public key.
    > you have 2 - not 1.

    Really? According to, if you don't
    backup the private key and lose it, the cert issued by the CA is useless.
    This would imply that they only send you a private key. (It would also be a
    bit insecure sending out your private key be email!) If they sent you both
    keys, why would you have to worry about backing up the private key?

    > so the same concept apply, if you have export
    > the cert 'correctly', it will contains 2 keys. and
    > you can use it and deploy at other server.
    > if for some reason you lost it, you can always
    > ask the CA to reissue one with charges of coz.
    > if you have the private keys, double click on
    > the cert, you will see a little note at the bottom
    > of the window - 'you have the associate private
    > keys.... bla bla'

    I've found that the cert only says this if you happen to import the cert on
    the same server that the private key is stored. If you import it to a
    separate server, the "you have the associated..." message isn't there. So,
    to me, it sounds like the CA only send out a public key? If you import this
    cert on a new server anyway, as I mentioned in an earlier post, it's useles
    anyway because it generates a SSL error.

    Given that this is so, I'm still not sure how to combine this with the CA to
    create a key pair that can be used by IIS, if the public and private keys
    are imported to a new server separately?



  • Next message: Egbert Nierop \(MVP for IIS\): "IGNORE THIS"