Generate a certificate with exportable private key
Posted on 2010-03-26
I've been struggling with generating a certificate with an exportable private key. I'm running Win 2008 as an enterprise cert server. I already created a template with a private key exportable. I've even tried the request.inf template route. I can generate certs with exportable keys that work fine for Win servers. I've been playing with OpenSSL, all to no avail.
Here's the steps:
I get a cert request from a Linux web server. I need to take this and generate a certificate that has the private key exportable. I need to supply the certificate that the Linux system can import as the webserver certificate. I also need to supply the private key. This will be used on an appliance that watches SSL traffic.
What I've tried:
Take the Linux-generated request. Go to the certserv web page. Go to Advanced. Go to supplying the request. Paste in the request (with no extra spaces or line returns). Select the correct template (WebServerPKE, which does work with Windows boxes). I receive the certificate. I send this to the Linux admin. This is the point where I have issues. I now need to convert this cert to where I can pull the private key. I've imported the cert into my Windows box, then exported a PFX certificate, which does have a key. It does not work.
What I'm looking for:
Step-by-step directions for generating the cert using a Linux-based supplied request on an enterprise certificate authority running on Windows 2008. Step-by-step directions for extracting the private key for this certificate.