guydemarco

asked on

Generate a certificate with exportable private key

I've been struggling with generating a certificate with an exportable private key. I'm running Win 2008 as an enterprise cert server. I already created a template with a private key exportable. I've even tried the request.inf template route. I can generate certs with exportable keys that work fine for Win servers. I've been playing with OpenSSL, all to no avail.

Here are the steps:
I get a cert request from a Linux web server. I need to take this and generate a certificate that has the private key exportable. I need to supply the certificate that the Linux system can import as the webserver certificate. I also need to supply the private key. This will be used on an appliance that watches SSL traffic.

What I've tried:
Take the Linux-generated request. Go to the certserv web page. Go to Advanced. Go to supplying the request. Paste in the request (with no extra spaces or line returns). Select the correct template (WebServerPKE, which does work with Windows boxes). I receive the certificate. I send this to the Linux admin. This is the point where I have issues. I now need to convert this cert to where I can pull the private key. I've imported the cert into my Windows box, then exported a PFX certificate, which does have a key. It does not work.

What I'm looking for:
Step-by-step directions for generating the cert using a Linux-based supplied request on an enterprise certificate authority running on Windows 2008. Step-by-step directions for extracting the private key for this certificate.
ASKER CERTIFIED SOLUTION
Paranormastic
This solution is only available to members.
noci

Well, the answer is in the first answer.

On Linux you first need to combine the certificate + private key into a pfx (which is a PKCS#12 format file), which is the already mentioned p12 file. Then you can import it into a Windows store.

Just converting the certificate into a pfx makes it miss the private key, and thus makes it unusable for server use.
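The combination step described in the answer above, as an added example that is not part of the original thread: because the CSR was generated on the Linux server, the private key exists only there, so the PKCS#12 file has to be built on that host from the issued certificate and the local key. File names, the CN and the password are constructed placeholders, and step 2 self-signs the CSR as a stand-in for the Windows enterprise CA so the script runs offline.

```shell
#!/bin/sh
# Added example: file names, CN and password below are constructed placeholders.

# Digest of the public key held in a private key, CSR or certificate (PEM).
pubkey_digest() {  # $1 = key|req|x509, $2 = file
    case "$1" in
        key)  openssl pkey -in "$2" -pubout ;;
        req)  openssl req -in "$2" -noout -pubkey ;;
        x509) openssl x509 -in "$2" -noout -pubkey ;;
    esac | openssl sha256
}

# True only if the certificate was issued for this private key.
cert_matches_key() {  # $1 = cert, $2 = key
    [ "$(pubkey_digest x509 "$1")" = "$(pubkey_digest key "$2")" ]
}

# Combine certificate + private key into a PKCS#12 (.p12/.pfx) file.
make_p12() {  # $1 = cert, $2 = key, $3 = output, $4 = file holding the password
    cert_matches_key "$1" "$2" || { echo "certificate does not match key" >&2; return 1; }
    openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" -passout "file:$4"
}

# True if the PKCS#12 file really contains a private key.
p12_has_key() {  # $1 = p12 file, $2 = file holding the password
    openssl pkcs12 -in "$1" -passin "file:$2" -nocerts -nodes 2>/dev/null |
        grep -q 'PRIVATE KEY'
}

demo() {
    d=$(mktemp -d) || return 1
    # 1. On the Linux web server: create key and CSR. Only web.csr goes to the CA.
    openssl req -new -newkey rsa:2048 -nodes -keyout "$d/web.key" \
        -out "$d/web.csr" -subj "/CN=web.example.test" 2>/dev/null &&
    # 2. Stand-in for the enterprise CA so this runs offline: self-sign the CSR.
    openssl x509 -req -in "$d/web.csr" -signkey "$d/web.key" -days 30 \
        -out "$d/web.crt" 2>/dev/null &&
    # 3. Back on the Linux server: bundle the returned cert with the local key.
    printf '%s\n' 'constructed-demo-password' > "$d/pass" &&
    make_p12 "$d/web.crt" "$d/web.key" "$d/web.p12" "$d/pass" &&
    p12_has_key "$d/web.p12" "$d/pass"
    rc=$?
    rm -rf "$d"
    return $rc
}

demo && echo "PKCS#12 bundle contains the private key"
```

Running `p12_has_key` against a PFX exported on a machine that never held the key returns false, which is the failure described in the question.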

guydemarco

ASKER

That was the piece I was missing. We were able to give the end user a cert and the private key. Thank you for your help.