Re: Private & Public Key storage location

Well, I guessed it all depends on the discussion context.
Typically - CSR is encoded ASCII text with requested identification of the
computer, you can 'said' that public key is there, yes it is there, you can
also 'said' private key is also there, coz it will 'derive' or 'generate'
from it by the CA.

In normal context, typically CSR don't associate with public or private
keys, because you can't really use it yet.
It will become 'valid' once the CA has signed and generate the real
certificate, then the concept of public/private key popup.
I hope I didn't confuse you, I mean you can't really don't anything with the
so called 'keys' with the CSR.

Keys is only valid when the cert is issued. now -
A] if the website generates a Keypair of its own before it creates the CSR
that's part of the CSR process, to the point here the key is useless
until the cert is installed

B] How can the CSR be encrypted by Public/private key both at the same
time?
it is not encrypted, just encode.

C] Is it that the CSR contains both the private & public keys of the
website?
again depend on how you actually see it. To me, the issued cert from a
trusted CA, contains both public/private keys.

--
Regards,
Bernard Cheah
http://www.iis.net/
http://www.iis-resources.com/
http://msmvps.com/blogs/bernard/


"Vicky" <Vicky@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:B3052C4A-3501-4B71-8FE5-515089606B2C@xxxxxxxxxxxxxxxx
Dear Bernard,

I have read all that stuff at the links you are refering to.
The pages on MS wesite lack clarity & I have wrote a comment to them such
as

1] Under the section

"Obtain a Certificate"
"......The CSR is simply an encrypted text message that is encrypted with
a
public/private key pair."

Now could it be made clear
A] if the website generates a Keypair of its own before it creates the CSR
B] How can the CSR be encrypted by Public/private key both at the same
time?
C] Is it that the CSR contains both the private & public keys of the
website?

What is true & presice ?


"Bernard Cheah [MVP]" wrote:

Read -
How To Enable SSL for All Customers Who Interact with Your Web Site in
Internet Information Services
http://support.microsoft.com/?id=298805

that's why typically - we have trusted CA list in browser that we can
trust.

--
Regards,
Bernard Cheah
http://www.iis.net/
http://www.iis-resources.com/
http://msmvps.com/blogs/bernard/


"Vicky" <Vicky@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:90DB2326-7C0B-4457-91CD-2E7ABC1828FB@xxxxxxxxxxxxxxxx
I am shocked to here that it is the CA who generates the Private &
public
key
(Key Pair) for my own website.
You seem to have shattered my understanding of the whole process. How
can
my
private ley be a private affair if the CA generates it for me (my
website).
I think I need to build more clarity of the whole process. Maybe I have
wrong ideas.

"Bernard Cheah [MVP]" wrote:

You only send the request file to CA. CA will then issue you the cert
with
both private and public key.

To back it up, export the key (including private) and safe guard the
file,
refer
HOW TO: Back Up a Server Certificate in Internet Information Services
5.0
http://support.microsoft.com/?id=232136



--
Regards,
Bernard Cheah
http://www.iis.net/
http://www.iis-resources.com/
http://msmvps.com/blogs/bernard/


"Vicky" <Vicky@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:322F8088-D472-487F-8F30-F1616EFCD995@xxxxxxxxxxxxxxxx
hi,

when I configure IIS server on a windows 2000 or 2003 server to use
the
ssl
protocol, I have to make a certificate request, during which the web
site
generates a Key pair (public & private).

My public key is sent to the CA alomg with my certificate request.
I wish to know where is my web site key pair stored on my local
system.
Can
I also see the public key & is it possible to have both this keys
copied
to a
desired location as a backup.


Vicky








.

Relevant Pages

  • Re: Private & Public Key storage location
    ... public/private key pair." ... C] Is it that the CSR contains both the private & public keys of the website? ... My public key is sent to the CA alomg with my certificate request. ...
    (microsoft.public.inetserver.iis.security)
  • Re: CSR Generation
    ... I usually describe CSR as your public key not encrypted ... and not signed by the CA. Signing by a CA makes it your certificate. ... (As the option for installing cert is dimmed). ...
    (microsoft.public.security)
  • Re: Unsigned CSR vulnerability
    ... Let's suppose that Alice is requesting a certificate and ... How will signing the CSR affect the plausibility of Alice's claim? ... public key), in this scenario only the first relationship was checked ... Will this fact make Alice's purchase repudiation plausible? ...
    (sci.crypt)
  • CSR Generation
    ... What is CSR actually contained? ... Does the CSR also contains my public key? ... Is that for some server such as IIS, I cannot install the cert unless I have ... (As the option for installing cert is dimmed). ...
    (microsoft.public.security)
  • Re: CSR Generation
    ... Then why there are two way for submitting the CSR? ... Generated by the web server ... > Fill details are in PKCS #10, Certification Request Syntax Standard ... >> contains encrypted message encrypted with my public key. ...
    (microsoft.public.security)