Exporting Certificates from Certificate Services in PEM format

Hi all,
There's two parts to this question:

Is it possible to export a certificate, including the private key in PEM format? This is the format that public certificate authorities issue their certificates over the web.

Second, if I have an offline standalone CA, and want to issue a certificate to a web server I will have to transfer the certificate via some medium, be it floppy, USB stick or whatever. What's the best way to request the certificate, and how should I export to transfer the certificate (ie, what format and how to export to a file)?

Thanks in advance!
LVL 4
fileinsterAsked:
Who is Participating?
 
fileinsterConnect With a Mentor Author Commented:
I found this:

http://support.microsoft.com/kb/887490

This more or less answers my question. It turn out that once a certificate has been issued you  cannot export again in Base-64 format; you can only do it at time of issue. Shame!

For the points, can anyone suggest an alternative Windows based Certificate Authority, as opposed to the Microsoft option?
0
 
cj_1969Commented:
You should be able to export the certificate, if you go into the certificate manager there should be an export option ... make sure you select "with private key" ... its there somewhere I might have the details wrong.
As for the format, I think the standard is BASE 64 encoded, if DER is included in addition to this (as oppsed to a different option) then select this one.

As for porting a certificate ... what ever it takes to get it there.
If your certificate authority is on the same network (or network accessible) then you don't even have to export and import anything.  The certificate request process will contact the certifcate server directly and then install the certificate once it is approved and available (well, you have to tell it to get it but it does the rest).  

If it is not network accessible then you save the certificate request to a file, upload the request file to certificate authority, they generate the certificate, you save the certificate, take it to the web server and then tell it to complete the request process and point it to the file.

Ok, I checked one of my web servers ...
Go to the default website and bring up the properties for it.
Select the Directory security tab and click the View certificate button near the bottom.
Next  select the Details tab and click the "Copy to file..." button near the bottom.
Follow the prompts ... you should have an option to "Yes, export the private key" when going through the Certificate Export wizard.
0
 
fileinsterAuthor Commented:
Thanks for your comment.

Unfortunately that option doesn't exist. In the "Certificate Authority" snap-in, in the "Issued Certificates" node the only option available is "Export Binary Data". There are a number of options here, one of which is "Binary Certificate". when this is selected it exports the certificate, but not in BASE-64 but rather DER format.

BASE64 and DER are options on the certificate web services page, and I can only find a way to issue a BASE64 cert from the web services front end, not from the snap-in, and only at the time of issue. Is there any way to do this after the event?

Also, if you export the key from the web server that's only for an existing key already installed on the web server.

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.