Solved

SSL private certificates ???

Posted on 2010-11-18
8
940 Views
Last Modified: 2012-05-10
How do I export a private certificate?  We have purchased a certificate from godaddy and need to import a private element of the certificate into a software called Odex Enterprise which we use to comunicate eletronic orders with our customers.

The problem is I dont know I should export it from.  I have contacted godaddy and they have recommended exporting it from IIS. We havnt got IIS installed at the moment but can install if need be.  Any advice on obtaining the private certicate will help.  Im quite new to the SSL certificates so any help is greatly appreciated
0
Comment
Question by:resolver1
8 Comments
 
LVL 21

Expert Comment

by:RK
ID: 34163169
Yes..You have install it from IIS, Please read this article for step by step installation
http://www.digicert.com/ssl-certificate-installation-microsoft-iis-5-6.htm
If you not installed IIS yet...put your windows OS cd into CD/DVD drive..go to control panel, add/remove program, ad/remove windows components, Internet Information Service or Application server, select this and click on details, you can see IIS here and tick the check box and next for install.

"Good Luck"
0
 

Author Comment

by:resolver1
ID: 34163366
Thanks for your answer.  I'll try whats in the link you sent me.  

Maybe you could help me understand it a little better.  From reading the article it says that the public key generates the private key at time of import?  Is there any machine specific varibles used to calculate the private key?  Let me put it another way, if i import the certificate on another machine (different os version, computer name ect) will it generate the same private key.

thanks your help is appreciated.
0
 
LVL 15

Expert Comment

by:pcsmitpra
ID: 34163502
Hello

http://www.dip.co.uk/kb/1159.aspx
When importing certificates in Windows, the certificate will be placed in your own trusted root store.

If ODEX is running as an application, it is running as your user and so selecting certificates from your root store should show the new certificate.

If ODEX is running as a system service, you will need to ensure that the certificate is copied to the local machine's trusted root store. Certificates can be copied using the Microsoft Management Console (MMC).

Select add/remove snap-ins and add the certificate snap in twice, once selecting your user account and once selecting the local machine.

If you expand your current user trusted root store, you should be able to see the new certificate. This needs to be copied to the corresponding folder underneath the local computer.

If you are unfamiliar with MMC, you can select the import option from ODEX when browsing for certificates. This will cause ODEX to import the certificate into the appropriate store depending on whether ODEX is running as a service.

Hope this will help.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 33

Accepted Solution

by:
Dave Howe earned 250 total points
ID: 34164970
If you have a godaddy certificate, you must have generated the certificate signing request (CSR) somewhere - whichever machine did that (and which ever software you imported the cert into aftwards) is where you can re-export the cert, with key, as a pfx for use with the other product.
0
 

Author Comment

by:resolver1
ID: 34171809
Ah ok I think I understood incorrectly the first time.  The private key is generated at the same time as the public key but this key is kept secret by the application, in my case Windows 2008 SBS.  I've exported the key from Windows 2008 sbs and imported it into ODEX application.  However, it imports with the follwoing Certificate error "The issuing certificate was not found in the TSL".  Any ideas ?
0
 
LVL 31

Assisted Solution

by:Paranormastic
Paranormastic earned 250 total points
ID: 34201214
TSL = Trusted Server List (or something similar) - this is the list of trusted root certificates.

Open MMC and add the Certificates snapin - if obex is running as a service then open as Local Computer, if it is running as a user account then you need log in as that user and open MMC and add as Current User.  Check the Trusted Root Certification Authorities - Certificates - if you do not see the certificate listed there then add it there.  Also, the CA should have sent you their "root certificate chain" which would be the CA certificates - these should also be installed here.  To install, have the certificate files on the server then right-click the Certificates folder and import certificate, then point it to each of the certificate files.  You may need to restart obex for it to see it, but since there probably isn't an existing cert there you probably won't have to.
0
 

Author Comment

by:resolver1
ID: 34211669
Cheers for the reply Paranormastic. I feel like I'm getting close to the solution.  I found an article regarding ODEX http://www.pipechain.com/o.o.i.s/746  and TSL stands for Trusted Service List.

Check the Trusted Root Certification Authorities - Certificates - If you do not see the certificate listed there then add it there.  
- are you reffering to our private certificate here? I can see the go Daddy class 2 certificate Authority. (our certificate is go daddy).

Also, the CA should have sent you their "root certificate chain" which would be the CA certificates - these should also be installed here.  
- I have the private key, the godaddy class 2 and another go daddy cert installed within DIP\certificates (Data interchange - our ODEX client software name).  The final go daddy cert links to valicert calss 2 policy validation.
0
 

Author Comment

by:resolver1
ID: 34232355
cheers guys ill wrap this one up.  My question has been answered.  You help is appreciated!
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

By default, Carbonite Server Backup manages your encryption key for you using Advanced Encryption Standard (AES) 128-bit encryption. If you choose to manage your private encryption key, your backups will be encrypted using AES 256-bit encryption.
Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now