?
Solved

Exporting Certificates from Certificate Services in PEM format

Posted on 2008-06-24
4
Medium Priority
?
7,706 Views
Last Modified: 2008-07-07
Hi all,
There's two parts to this question:

Is it possible to export a certificate, including the private key in PEM format? This is the format that public certificate authorities issue their certificates over the web.

Second, if I have an offline standalone CA, and want to issue a certificate to a web server I will have to transfer the certificate via some medium, be it floppy, USB stick or whatever. What's the best way to request the certificate, and how should I export to transfer the certificate (ie, what format and how to export to a file)?

Thanks in advance!
0
Comment
Question by:fileinster
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 22

Expert Comment

by:cj_1969
ID: 21874942
You should be able to export the certificate, if you go into the certificate manager there should be an export option ... make sure you select "with private key" ... its there somewhere I might have the details wrong.
As for the format, I think the standard is BASE 64 encoded, if DER is included in addition to this (as oppsed to a different option) then select this one.

As for porting a certificate ... what ever it takes to get it there.
If your certificate authority is on the same network (or network accessible) then you don't even have to export and import anything.  The certificate request process will contact the certifcate server directly and then install the certificate once it is approved and available (well, you have to tell it to get it but it does the rest).  

If it is not network accessible then you save the certificate request to a file, upload the request file to certificate authority, they generate the certificate, you save the certificate, take it to the web server and then tell it to complete the request process and point it to the file.

Ok, I checked one of my web servers ...
Go to the default website and bring up the properties for it.
Select the Directory security tab and click the View certificate button near the bottom.
Next  select the Details tab and click the "Copy to file..." button near the bottom.
Follow the prompts ... you should have an option to "Yes, export the private key" when going through the Certificate Export wizard.
0
 
LVL 4

Author Comment

by:fileinster
ID: 21877006
Thanks for your comment.

Unfortunately that option doesn't exist. In the "Certificate Authority" snap-in, in the "Issued Certificates" node the only option available is "Export Binary Data". There are a number of options here, one of which is "Binary Certificate". when this is selected it exports the certificate, but not in BASE-64 but rather DER format.

BASE64 and DER are options on the certificate web services page, and I can only find a way to issue a BASE64 cert from the web services front end, not from the snap-in, and only at the time of issue. Is there any way to do this after the event?

Also, if you export the key from the web server that's only for an existing key already installed on the web server.

0
 
LVL 4

Accepted Solution

by:
fileinster earned 0 total points
ID: 21890709
I found this:

http://support.microsoft.com/kb/887490

This more or less answers my question. It turn out that once a certificate has been issued you  cannot export again in Base-64 format; you can only do it at time of issue. Shame!

For the points, can anyone suggest an alternative Windows based Certificate Authority, as opposed to the Microsoft option?
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lync server 2013 or Skype for business Backup Service Error ID 4049 – After File Share Migration
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question