Re: Microsoft Certificate Services

From: Pent (pent)
Date: 11/05/03


Date: Wed, 5 Nov 2003 11:09:23 -0500


.cer doesn't have a private key. .pfx file normally has certificate and
private key.

When you generate certificate request in IIS, the private key will be
already stored in the store. So if you get a certificate back from CA for
the certificate request from IIS then after you install the .cer it will be
associated with the original private key.

http://www.microsoft.com/downloads/details.aspx?FamilyId=CABEA1D0-5A10-41BC-83D4-06C814265282

"trinitypete" <support@trinity.com> wrote in message
news:10d601c3a3b3$69ec4070$a301280a@phx.gbl...
> Pent,
>
> Sorry, I should have said, I did import it to the local
> machine personal folder. Then I assign the server
> certificate to IIS SSL - everything seems OK but SLL
> doesn't work. For some reason the private key doesn't get
> imported from the cer file unless it is via the first
> option in the previous mail.
>
> Pete.
>
>
> >-----Original Message-----
> >You have to know where to import it to
> >
> >"trinitypete" <support@trinity.com> wrote in message
> >news:0f5f01c3a3a9$56afd3f0$a301280a@phx.gbl...
> >> Hi all,
> >>
> >> I have a question regarding certificates which I hope
> >> some one can explain. (Win2003 & XP Pro)
> >>
> >> I needed a web server certificate (SSL) so I did the
> >> following:
> >>
> >> IIS - Request certificate to send later, creates text
> >> file.
> >>
> >> Using web UI for Microsoft Certificate Services,
> advanced
> >> request. Submit a certificate request by using a base-
> 64-
> >> encoded CMC or PKCS #10 file, or submit a renewal
> request
> >> by using a base-64-encoded PKCS #7 file. Copy in the
> >> contents of the text file and a certificate is issued.
> >>
> >> This is the bit I need clarifying.
> >> ----------------------------------
> >>
> >> THIS WORKS
> >> If you go back into IIS - server certificate and check
> >> pending request, browse to the certificate file
> produced
> >> by Microsoft Certificate Service - the certificate is
> >> imported along with the private key from the .cer file.
> >>
> >> THIS DOESNT
> >> If you didn't do the above and just install the
> >> certificate from opening the .cer file and selecting
> >> install, or import the certificate via MMC snap in, you
> >> dont get the private keys????
> >>
> >> Any help would be appreciated.
> >> Pete.
> >
> >
> >.
> >



Relevant Pages

  • RE: SIMple SSL question ??
    ... I believe your book is instructing you to keep the private key secure. ... you use the certificate request wizard in IIS to install the cert after it's ... the certificate that's just been installed. ... If an attacker retrievs the SSL certificate, ...
    (microsoft.public.dotnet.security)
  • RE: SIMple SSL question ??
    ... I believe your book is instructing you to keep the private key secure. ... you use the certificate request wizard in IIS to install the cert after it's ... the certificate that's just been installed. ... If an attacker retrievs the SSL certificate, ...
    (microsoft.public.dotnet.security)
  • RE: SIMple SSL question ??
    ... "Remove the certificate request file and store the SSL certificate file in a ... The private key is not passed in the certificate request, ...
    (microsoft.public.dotnet.security)
  • Re: Unable to use third-party cert after Exch Sp2 update on SBS200
    ... Every *server* certificate in IIS has to have a private key. ... The public key is sent when a request from a browser hits IIS...that is the certificate you see and can view in the address bar. ... IF IIS didn't have a private key for the certificate then IIS would have no way to properly encrypt the data. ...
    (microsoft.public.windows.server.sbs)
  • Re: X.509 Certificate based authentication
    ... certificate with a duplicate name, but I suppose it could happen. ... alternative name) is the only thing you get from the cert that gives you any ... identity information about "who" owns the private key for the cert's public ... Does IIS map the public key to a windows ...
    (microsoft.public.dotnet.framework.aspnet.security)