Re: Generate/Export PKCS #12 certificate from Win2k3 CA
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: Sat, 8 Jan 2005 14:09:49 -0600
Windows 2003 CA would be able to do what you want. The .pfx file is the one
you need as it will include the private key. See the link below for more
http://tinyurl.com/532uy -- same link as above shorter.
The .cer file contains only the public key and may be useful if you need to
import/export the issuing CA certificate to the trusted root certificate
store on the client computer via the computer or user mmc certificates
snap-in/trusted root folder - import. Just clicking a .cer or .pfx file will
start the installation wizard but you want to verify that the certificate is
installed in the correct store - user or computer.
When you export the private key you will need to use a password to protect
the sensitive private key in the .pfx file. Also select the option to export
all certificates in the chain which may make installing the CA certificate
easier. Keep in mind that user certificates are used for "user"
authentication and if your VPN client is L2TP you probably need a "computer"
certificate as L2TP requires certificate computer authentication in addition
to user authentication.
--- Steve
"Stuart Mackie [MCP, MSP]" <newsgroups@--REMOVE_THIS-NO_SPAM--stu.uk.com>
wrote in message news:eTvs5tb9EHA.3616@TK2MSFTNGP11.phx.gbl...
> Hi. I am using a 3rd party VPN client which requires a PKCS #12
> certificate (*.p12) for use with RSA-Cert VPN connections. So far I have
> generated a certificate on our Win2k3 CA using the User Certificate
> Template, enabled 'Mark keys as exportable' and enabled strong private key
> protection. The request format is set for CMC and the Hash is SHA-1.
> Following this I can export two files, one is the .cer and the other is
> .pvk (private key). The format required for the VPN client (from what
> I've been informed so far) is PKCS #12 which would be .p12. I haven't
> managed to find much documentation online which explains the different
> file types, since I thought the .cer included PKCS #12.
> Is it possible to export the required .p12 certificate from a Win2k3 CA ?
> Thanks for any help,
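
The export steps described in the reply above (password-protected PKCS #12, full chain included, correct store checked), as an added PowerShell example that is not part of the original thread. It assumes a current Windows system with the built-in PKI module; the subject filter, output path and default store are hypothetical values.

```powershell
# Added example, not from the original post. Subject, path and store are assumptions.
param(
    [string]$SubjectMatch = 'CN=vpn-user',              # hypothetical subject to look for
    [string]$OutFile      = "$env:TEMP\vpn-user.p12",   # .p12 and .pfx are both PKCS #12
    [ValidateSet('CurrentUser', 'LocalMachine')]
    [string]$Store        = 'CurrentUser'               # user cert vs. computer cert store
)

# Pick the newest matching certificate from the chosen personal store.
$cert = Get-ChildItem "Cert:\$Store\My" |
    Where-Object { $_.Subject -like "*$SubjectMatch*" } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1

if (-not $cert) {
    throw "No certificate matching '$SubjectMatch' found in $Store\My."
}
if (-not $cert.HasPrivateKey) {
    # Without the private key only a .cer (public certificate) export is possible.
    throw "Certificate $($cert.Thumbprint) has no private key in $Store\My."
}

# The password protects the private key inside the PKCS #12 file.
$pw = Read-Host -AsSecureString -Prompt 'Password for the PKCS #12 file'

try {
    # BuildChain includes the issuing CA certificates along with the end-entity cert.
    Export-PfxCertificate -Cert $cert -FilePath $OutFile -Password $pw `
        -ChainOption BuildChain -ErrorAction Stop | Out-Null
}
catch {
    # Typical cause: the key was not marked exportable at enrollment time.
    throw "Export failed (is the private key marked exportable?): $($_.Exception.Message)"
}

# Re-open the file to confirm what the VPN client will actually receive.
$pfx = Get-PfxData -FilePath $OutFile -Password $pw
[pscustomobject]@{
    File           = $OutFile
    SourceStore    = "$Store\My"
    EndEntity      = ($pfx.EndEntityCertificates | ForEach-Object Subject) -join '; '
    ChainCerts     = ($pfx.OtherCertificates | ForEach-Object Subject) -join '; '
    ChainCertCount = @($pfx.OtherCertificates).Count
}
```

Run it with `-Store LocalMachine` from an elevated prompt when the VPN client needs a computer certificate rather than a user certificate.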