Solved

Exporting Certificates from Certificate Services in PEM format

Posted on 2008-06-24
Last Modified: 2008-07-07
Hi all,
There are two parts to this question:

Is it possible to export a certificate, including the private key in PEM format? This is the format that public certificate authorities issue their certificates over the web.

Second, if I have an offline standalone CA, and want to issue a certificate to a web server, I will have to transfer the certificate via some medium, be it floppy, USB stick or whatever. What's the best way to request the certificate, and how should I export to transfer the certificate (i.e., what format and how to export to a file)?

Thanks in advance!
Question by:fileinster
Expert Comment

by:cj_1969
ID: 21874942
You should be able to export the certificate; if you go into the certificate manager there should be an export option ... make sure you select "with private key" ... it's there somewhere, I might have the details wrong.
As for the format, I think the standard is BASE 64 encoded; if DER is included in addition to this (as opposed to a different option) then select this one.

As for porting a certificate ... whatever it takes to get it there.
If your certificate authority is on the same network (or network accessible) then you don't even have to export and import anything. The certificate request process will contact the certificate server directly and then install the certificate once it is approved and available (well, you have to tell it to get it but it does the rest).

If it is not network accessible then you save the certificate request to a file, upload the request file to the certificate authority, they generate the certificate, you save the certificate, take it to the web server and then tell it to complete the request process and point it to the file.

Ok, I checked one of my web servers ...
Go to the default website and bring up the properties for it.
Select the Directory security tab and click the View certificate button near the bottom.
Next select the Details tab and click the "Copy to file..." button near the bottom.
Follow the prompts ... you should have an option to "Yes, export the private key" when going through the Certificate Export wizard.
Author Comment

by:fileinster
ID: 21877006
Thanks for your comment.

Unfortunately that option doesn't exist. In the "Certificate Authority" snap-in, in the "Issued Certificates" node the only option available is "Export Binary Data". There are a number of options here, one of which is "Binary Certificate". When this is selected it exports the certificate, but not in BASE-64 but rather DER format.

BASE64 and DER are options on the certificate web services page, and I can only find a way to issue a BASE64 cert from the web services front end, not from the snap-in, and only at the time of issue. Is there any way to do this after the event?

Also, if you export the key from the web server that's only for an existing key already installed on the web server.

Accepted Solution

by:fileinster
ID: 21890709
I found this:

http://support.microsoft.com/kb/887490

This more or less answers my question. It turns out that once a certificate has been issued you cannot export again in Base-64 format; you can only do it at time of issue. Shame!

For the points, can anyone suggest an alternative Windows based Certificate Authority, as opposed to the Microsoft option?
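
Added example (not part of the original thread): the "Binary Certificate" (DER) export and the Base-64 form discussed above differ only in encoding, since a PEM certificate is the DER bytes Base64-encoded between BEGIN/END lines. The Python below detects which encoding a file uses and converts in both directions; the function names are hypothetical and the sample is a constructed DER blob standing in for a real certificate.

```python
import base64
import re

# One PEM block: BEGIN line, Base64 body (any line endings), matching END line.
PEM_RE = re.compile(
    rb"-----BEGIN (?P<label>[A-Z0-9 ]+)-----\s*"
    rb"(?P<body>[A-Za-z0-9+/=\s]+?)\s*-----END (?P=label)-----"
)

def der_length_ok(data: bytes) -> bool:
    """True if data is exactly one DER SEQUENCE (tag 0x30, length matches)."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:                      # short form: length fits in one byte
        header, body_len = 2, first
    else:
        n = first & 0x7F                  # long form: next n bytes hold the length
        if n == 0 or n > 4 or len(data) < 2 + n:
            return False
        header, body_len = 2 + n, int.from_bytes(data[2:2 + n], "big")
    return header + body_len == len(data)

def detect_encoding(data: bytes) -> str:
    if PEM_RE.search(data):
        return "PEM"
    if der_length_ok(data):
        return "DER"
    return "unknown"

def der_to_pem(der: bytes, label: str = "CERTIFICATE") -> bytes:
    if not der_length_ok(der):
        raise ValueError("input is not a single DER SEQUENCE")
    b64 = base64.b64encode(der)
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]  # 64-char lines
    tag = label.encode()
    return (b"-----BEGIN " + tag + b"-----\n" + b"\n".join(lines)
            + b"\n-----END " + tag + b"-----\n")

def pem_to_der(pem: bytes) -> bytes:
    m = PEM_RE.search(pem)
    if not m:
        raise ValueError("no PEM block found")
    der = base64.b64decode(b"".join(m.group("body").split()), validate=True)
    if not der_length_ok(der):
        raise ValueError("PEM body is not a single DER SEQUENCE")
    return der

# Constructed sample: a 200-byte DER SEQUENCE, not a real certificate.
SAMPLE_DER = bytes([0x30, 0x81, 0xC5, 0x04, 0x81, 0xC2]) + bytes(range(194))
```

On Windows, `certutil -encode in.cer out.pem` performs the same DER-to-Base64 wrapping (file names here are placeholders). The certificate file never contains the private key, which stays on the machine that generated the request.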