Solved

Exporting Certificates from Certificate Services in PEM format

Posted on 2008-06-24
4
7,441 Views
Last Modified: 2008-07-07
Hi all,
There's two parts to this question:

Is it possible to export a certificate, including the private key in PEM format? This is the format that public certificate authorities issue their certificates over the web.

Second, if I have an offline standalone CA, and want to issue a certificate to a web server I will have to transfer the certificate via some medium, be it floppy, USB stick or whatever. What's the best way to request the certificate, and how should I export to transfer the certificate (ie, what format and how to export to a file)?

Thanks in advance!
0
Comment
Question by:fileinster
  • 2
4 Comments
 
LVL 22

Expert Comment

by:cj_1969
ID: 21874942
You should be able to export the certificate, if you go into the certificate manager there should be an export option ... make sure you select "with private key" ... its there somewhere I might have the details wrong.
As for the format, I think the standard is BASE 64 encoded, if DER is included in addition to this (as oppsed to a different option) then select this one.

As for porting a certificate ... what ever it takes to get it there.
If your certificate authority is on the same network (or network accessible) then you don't even have to export and import anything.  The certificate request process will contact the certifcate server directly and then install the certificate once it is approved and available (well, you have to tell it to get it but it does the rest).  

If it is not network accessible then you save the certificate request to a file, upload the request file to certificate authority, they generate the certificate, you save the certificate, take it to the web server and then tell it to complete the request process and point it to the file.

Ok, I checked one of my web servers ...
Go to the default website and bring up the properties for it.
Select the Directory security tab and click the View certificate button near the bottom.
Next  select the Details tab and click the "Copy to file..." button near the bottom.
Follow the prompts ... you should have an option to "Yes, export the private key" when going through the Certificate Export wizard.
0
 
LVL 4

Author Comment

by:fileinster
ID: 21877006
Thanks for your comment.

Unfortunately that option doesn't exist. In the "Certificate Authority" snap-in, in the "Issued Certificates" node the only option available is "Export Binary Data". There are a number of options here, one of which is "Binary Certificate". when this is selected it exports the certificate, but not in BASE-64 but rather DER format.

BASE64 and DER are options on the certificate web services page, and I can only find a way to issue a BASE64 cert from the web services front end, not from the snap-in, and only at the time of issue. Is there any way to do this after the event?

Also, if you export the key from the web server that's only for an existing key already installed on the web server.

0
 
LVL 4

Accepted Solution

by:
fileinster earned 0 total points
ID: 21890709
I found this:

http://support.microsoft.com/kb/887490

This more or less answers my question. It turn out that once a certificate has been issued you  cannot export again in Base-64 format; you can only do it at time of issue. Shame!

For the points, can anyone suggest an alternative Windows based Certificate Authority, as opposed to the Microsoft option?
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

825 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question