Microsoft Certificate Services

From: trinitypete (support_at_trinity.com)
Date: 11/05/03


Date: Wed, 5 Nov 2003 06:30:19 -0800

Hi all,

I have a question regarding certificates which I hope
some one can explain. (Win2003 & XP Pro)

I needed a web server certificate (SSL) so I did the
following:

IIS - Request certificate to send later, creates text
file.

Using web UI for Microsoft Certificate Services, advanced
request. Submit a certificate request by using a base-64-
encoded CMC or PKCS #10 file, or submit a renewal request
by using a base-64-encoded PKCS #7 file. Copy in the
contents of the text file and a certificate is issued.

This is the bit I need clarifying.
----------------------------------

THIS WORKS
If you go back into IIS - server certificate and check
pending request, browse to the certificate file produced
by Microsoft Certificate Service - the certificate is
imported along with the private key from the .cer file.

THIS DOESNT
If you didn't do the above and just install the
certificate from opening the .cer file and selecting
install, or import the certificate via MMC snap in, you
dont get the private keys????

Any help would be appreciated.
Pete.



Relevant Pages

  • Re: Computer and User Certificates Issues
    ... Enrollment of User Certificates using the custom v2 User Certificate Template ... I can NOT request the custom v2 Computer Cert nor the included v1 no ... Concerning permissions, these are the exact permissions I am using now: ...
    (microsoft.public.security)
  • Re: Cannot request computer certificate.
    ... request a computer certificate for about 9 months. ... and verify that you can get a computer/server certificate from it. ... List of NetBt transports currently bound to the Redir ... DNS Host Name: srvr3.domain.com ...
    (microsoft.public.windows.server.security)
  • RE: SIMple SSL question ??
    ... OK - i would also delete a cert request file lying around. ... But a certificate is a pub key + extra info. ... That said - if someone compromises the server he will also find a way to retrieve the private key. ... traffic between the initial web server and the client. ...
    (microsoft.public.dotnet.security)
  • Re: how can we restrict what certificate WSE will use?
    ... the valid x509 certificate which is used to identify him'. ... X509SecurityTokenManager to verify the request is from a trusted client. ... the problem is that he can not passed the authentication (suppose we ... > decrypte and signature validation process. ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • Re: Web Certificate Enrollment security problem
    ... Enrollment works only with the NetBIOS Name and not with the FQDN. ... Svyatoslav Pidgorny, MS MVP - Security, MCSE ... access auditing and logging "issue and manage certificate requests" on ... Have seen that there is a component "Certsrv Request" when launching ...
    (microsoft.public.security)