[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

How to Include Private Key in Certificate

Posted on 2011-05-02
6
Medium Priority
?
1,215 Views
Last Modified: 2012-08-14

Hello Experts,

have the need to create an SSL certificate that includes the private key.....but I can't make it EXPORTABLE.  Is there a way to do this ??  The certificate needs to be installed on one server and it needs the private key.  The certificate will not be exported to mulitple servers.  Thank you. msyed1.
0
Comment
Question by:msyed1
  • 3
  • 3
6 Comments
 
LVL 43

Expert Comment

by:Adam Brown
ID: 35506323
You can do this from IIS by opening the Certificate Manager in the IIS7 console. Open IIS, click on the Server, go to Server Certificates, double click the certificate you want to export. Click on the details tab, click copy to file, and follow the wizard to copy the cert to a file, exporting the Private Key. When the key is exported, you can then import it to the other servers. You determine whether you can Export the certificate from those servers during the import process, not the export process.
0
 

Author Comment

by:msyed1
ID: 35506799
acbrown2010:  Thank you for the reply.  

What you are saying though requires me to create a certificate using a template that is marked as exportable.  The user that is requiring this says that he needs a certificate that has the public as well as private key in it.  He intends to install the cert on his server....and never intends to export it to any other server.  

So, my question is how I do create a certificate that has both public and private keys, without using a certificate template marked as EXPORTABLE ??  thanks.
 
0
 
LVL 43

Expert Comment

by:Adam Brown
ID: 35506899
You would need to generate a new certificate from the destination server if there are no existing exportable certs. You would generate a certificate request from the server, then complete the request using a Certificate Authority of some type, then use the CA's response files to generate the Certificate on the server. This allows you to generate a certificate that has the private key in it.
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 

Author Comment

by:msyed1
ID: 35514503
I am sorry, I don't understand what you are saying.  I think you are saying that:

1.  Create a new CSR from the destination server
2.  Use this CSR on the Issuring CA and create a new certificate using a certificate template that allows Export of the Private Key.
3.  Install the new certificate on the destination server
Is this right ??
0
 
LVL 43

Accepted Solution

by:
Adam Brown earned 2000 total points
ID: 35514521
Well, you don't need a template that allows export of the private key unless you want to be able to export the key from the destination server in the future, but that is basically what you need to do.
0
 

Author Comment

by:msyed1
ID: 35514547
acbrown2010:

I have done exactly that, but the user says that the certificate does not contain a private key.  How can you look at a certificate and determine if it contains the private key or not.  The certificate I created has a .cer extension.  
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
Phishing emails are a popular malware delivery vehicle for attack.  While there are many ways for an attacker to increase the chances of success for their phishing emails, one of the most effective methods involves spoofing the message to appear to …
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question