Solved

Exporting Certificates from Certificate Services in PEM format

Posted on 2008-06-24
4
7,327 Views
Last Modified: 2008-07-07
Hi all,
There's two parts to this question:

Is it possible to export a certificate, including the private key in PEM format? This is the format that public certificate authorities issue their certificates over the web.

Second, if I have an offline standalone CA, and want to issue a certificate to a web server I will have to transfer the certificate via some medium, be it floppy, USB stick or whatever. What's the best way to request the certificate, and how should I export to transfer the certificate (ie, what format and how to export to a file)?

Thanks in advance!
0
Comment
Question by:fileinster
  • 2
4 Comments
 
LVL 22

Expert Comment

by:cj_1969
ID: 21874942
You should be able to export the certificate, if you go into the certificate manager there should be an export option ... make sure you select "with private key" ... its there somewhere I might have the details wrong.
As for the format, I think the standard is BASE 64 encoded, if DER is included in addition to this (as oppsed to a different option) then select this one.

As for porting a certificate ... what ever it takes to get it there.
If your certificate authority is on the same network (or network accessible) then you don't even have to export and import anything.  The certificate request process will contact the certifcate server directly and then install the certificate once it is approved and available (well, you have to tell it to get it but it does the rest).  

If it is not network accessible then you save the certificate request to a file, upload the request file to certificate authority, they generate the certificate, you save the certificate, take it to the web server and then tell it to complete the request process and point it to the file.

Ok, I checked one of my web servers ...
Go to the default website and bring up the properties for it.
Select the Directory security tab and click the View certificate button near the bottom.
Next  select the Details tab and click the "Copy to file..." button near the bottom.
Follow the prompts ... you should have an option to "Yes, export the private key" when going through the Certificate Export wizard.
0
 
LVL 4

Author Comment

by:fileinster
ID: 21877006
Thanks for your comment.

Unfortunately that option doesn't exist. In the "Certificate Authority" snap-in, in the "Issued Certificates" node the only option available is "Export Binary Data". There are a number of options here, one of which is "Binary Certificate". when this is selected it exports the certificate, but not in BASE-64 but rather DER format.

BASE64 and DER are options on the certificate web services page, and I can only find a way to issue a BASE64 cert from the web services front end, not from the snap-in, and only at the time of issue. Is there any way to do this after the event?

Also, if you export the key from the web server that's only for an existing key already installed on the web server.

0
 
LVL 4

Accepted Solution

by:
fileinster earned 0 total points
ID: 21890709
I found this:

http://support.microsoft.com/kb/887490

This more or less answers my question. It turn out that once a certificate has been issued you  cannot export again in Base-64 format; you can only do it at time of issue. Shame!

For the points, can anyone suggest an alternative Windows based Certificate Authority, as opposed to the Microsoft option?
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Suggested Solutions

Running classic asp applications under Windows Server 2008 R2 (x64) and IIS 7 is not as easy as one may think. It took me a while to figure it out while getting error 8002801d a few times. After you install the OS you will need to install the fol…
Learn about cloud computing and its benefits for small business owners.
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now