IIS 5, Private Key

Posted on 2002-04-08
Last Modified: 2010-04-13
To make a long story short, the "All Users.WINNT" folder in a Win2k Server machine with IIS 5 got deleted.

Whenever I try to export the private key & certificate (for the 2nd one we were issued) it says it's not exportable (this was not restored from a previous backup with the "exportable" option unchecked).

I have a .pfx backup of the 1st certificate we were issued, which contains both the private key & certificate.

My question is, do all certificates use the same private key (e.g. is the private key unique for every server, or for every certificate)?  If they do, does anyone know of a way to join the private key from the 1st certificate to the 2nd one?  That might mean "hacking" into the OS, but if anyone knows of anything I'd be really happy. :)

I was reading about the metabase IIS uses where everything is stored.  Before I spend hours programming something I'd like to know if there's already a program that will do it and if it's even possible through the metabase API in the Win2k SDK.

I'd even be willing to give more than 300 points through another question if you can fix it for me.  What sucks is that we got the certificate a month ago and it won't expire for some time.  And yes, I know to back it up next time--I'm somewhat new to SSL.
Question by: NelsonR

Author Comment by: NelsonR
Here's an idea:
http://www.cashcow.dk/Home/faq.html

I do have a Hex editor.  The problem is I couldn't find "private-key", but I did find several "30 82"s.  Maybe it's for an older version, but it might help other people out there. :)
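What those "30 82" byte pairs are, as an added illustration that is not part of the original thread: DER, the binary form of a certificate or key, encodes every value as tag, length, contents. Tag 0x30 is SEQUENCE, and a first length byte of 0x82 means "the next two bytes hold the length", which is why every certificate (a SEQUENCE whose first element is another SEQUENCE) and every key in a store starts with several such pairs. The parser and the sample bytes below are constructed for this example.

```python
# Added illustration for this thread, not code from the original post. DER
# (the binary form of a certificate or key) encodes every value as
# tag, length, contents. Tag 0x30 is SEQUENCE; a first length byte of 0x82
# means "the next two bytes hold the length". A certificate is a SEQUENCE
# whose first element is another SEQUENCE, so a file holding several certs
# or keys shows many "30 82" pairs. The sample bytes below are constructed.


def parse_der_header(buf, offset=0):
    """Return (tag, length, content_offset) for the TLV starting at offset."""
    tag = buf[offset]
    first = buf[offset + 1]
    if first < 0x80:                          # short form: length < 128
        return tag, first, offset + 2
    n_len_bytes = first & 0x7F                # long form: 0x82 -> 2 bytes
    if n_len_bytes == 0 or n_len_bytes > 4:
        raise ValueError("indefinite or oversized length is not valid DER")
    length = int.from_bytes(buf[offset + 2:offset + 2 + n_len_bytes], "big")
    return tag, length, offset + 2 + n_len_bytes


def find_long_sequences(buf):
    """List (offset, length) of every '30 82' whose claimed length fits the buffer.

    A hex-editor hit is only a candidate; the length check weeds out many
    random byte pairs that happen to read 30 82.
    """
    hits = []
    for i in range(len(buf) - 3):
        if buf[i] == 0x30 and buf[i + 1] == 0x82:
            _, length, start = parse_der_header(buf, i)
            if start + length <= len(buf):
                hits.append((i, length))
    return hits


# Constructed: an outer SEQUENCE (0x104 bytes) wrapping an inner SEQUENCE
# (0x100 bytes of padding), mimicking Certificate { tbsCertificate ... }.
INNER = b"\x30\x82\x01\x00" + b"\x00" * 0x100
SAMPLE = b"\x30\x82\x01\x04" + INNER

if __name__ == "__main__":
    print(find_long_sequences(SAMPLE))   # [(0, 260), (4, 256)]
```

Finding the structure this way does not help when the key store reports the key as non-exportable; the private key material inside a Windows key container is protected separately, and the thread's conclusion below (generate a new key and CSR) still applies.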
Accepted Solution by: jhance (LVL 32, earned 300 total points)
>>My question is, do all certificates use the same private
>>key (e.g. is the private key unique for every
>>server, or for every certificate)?  

No. With SSL (which uses RSA public key crypto) there is a 1:1 relationship between public and private keys.  Any public key has one and only one private key.  Otherwise the system would be unworkable.


>>...know of a way to join the private key from
>>the 1st certificate to the 2nd one?  That might
>>mean "hacking" into the OS, but if anyone knows of
>>anything

No way here.  The 1st cert uses a DIFFERENT private key from the 2nd one.  It MUST be that way, otherwise the 2nd public key would be identical to the first.  A new private key was generated with your CSR (Certificate Signing Request).  

>>I'd be really happy. :)

Hmmm, you might be less happy if what you want to do was practical.  It would mean that your SSL cert is insecure.  About the only approach that I can think of would be a brute-force attempt to crack the keys.  If you try all the possible private keys (unfortunately there are a lot of them!!) you'll have it.  

Practically, however, you're going to have to generate a NEW CSR (and with it a new private key) and then get a new SSL cert.  Yes, you'll probably have to pay for a new one and you might try pleading your case with VeriSign or Thawte (or whoever made your cert) but don't expect to get any favors from them.  I'm sure they get sob stories all the time....

I'd chalk this up to a learning experience about the value of backups....
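The one-to-one relationship described in the accepted answer, as an added example that is not part of the original thread or of IIS: a certificate carries one public key (n, e), exactly one private exponent d goes with it, and that d is fixed at CSR time when the primes are drawn. The check at the end is the same one an operator runs before restoring a backup, comparing the modulus of a key file with the modulus of a certificate. The primes are tiny constructed values so the block runs with the standard library alone; real keys are 2048-bit and padded, but the relationship is identical.

```python
# Added illustration for this thread, not code from the original post or
# from IIS. Textbook RSA with tiny constructed primes, standard library only;
# real certificates use 2048-bit keys and padding, but the relationship is
# the same: a certificate carries one public key (n, e), and exactly one
# private exponent d goes with it, fixed at CSR time when p and q are drawn.
import math
import secrets


def make_keypair(p, q, e=65537):
    """Return (public, private) as ((n, e), (n, d)).

    Once p, q and e are chosen, d is determined: the private key is not a
    property of the server but of this particular key generation.
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime with phi(n)")
    d = pow(e, -1, phi)            # modular inverse, Python 3.8+
    return (n, e), (n, d)


def key_matches_cert(private_key, cert_public_key):
    """Does this private key belong to the public key inside a certificate?

    This is the check an operator does with openssl before a restore:
    `openssl x509 -noout -modulus -in cert.pem` and
    `openssl rsa -noout -modulus -in key.pem` must print the same modulus.
    Here we compare the modulus and also confirm a round trip.
    """
    n_priv, d = private_key
    n_pub, e = cert_public_key
    if n_priv != n_pub:
        return False
    probe = secrets.randbelow(n_pub - 2) + 2   # any value in [2, n-1]
    return pow(pow(probe, e, n_pub), d, n_pub) == probe


# Constructed primes standing in for the two independent key generations
# (one per CSR). The .pfx from the first order holds CERT1_PRIV.
CERT1_PUB, CERT1_PRIV = make_keypair(61, 53)
CERT2_PUB, CERT2_PRIV = make_keypair(71, 67)


def restore_check():
    """Which certificate can the backed-up private key actually serve?"""
    return {
        "pfx_key_serves_cert1": key_matches_cert(CERT1_PRIV, CERT1_PUB),
        "pfx_key_serves_cert2": key_matches_cert(CERT1_PRIV, CERT2_PUB),
    }


if __name__ == "__main__":
    print(restore_check())   # {'pfx_key_serves_cert1': True, 'pfx_key_serves_cert2': False}
```

The moduli differ because each CSR drew fresh primes, so the backed-up .pfx can only ever serve the first certificate; the brute-force route the answer mentions amounts to recovering d for the second modulus, which is exactly what the key size is chosen to make infeasible.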
Author Comment by: NelsonR
As I said, I'm somewhat new to SSL so I didn't know how it all worked.  I now know how to back it up (and believe me, I will! :).  I've actually learned quite a bit about keys, etc. since this happened.

I don't think Thawte will buy it because it has been more than 30 days.

About brute force, http://www.allcondoms.com/ssl_security.htm talks some about it (I just did a search on google, don't ask about allcondoms.com).  I don't think I'll try that anytime soon, especially with 128 bit keys (2^128 is a BIG number).

Anyway, I now know how they work.. sucks to be me. :)  But then again, $200 isn't that much and I can live with it.