Solved

Have a Windows 2008 Enterprise Certificate Authority (Enterprise CA) - creating a public key

Posted on 2012-08-26
Last Modified: 2012-09-12
I have a Windows 2008 R2 Enterprise CA that I use to create certificates for my servers using the CA templates.
My business partner is requesting a Public SSH Key so we can do secure transmissions.
What are the steps to create a public SSH Key I can give to my business partner by using my Enterprise CA?
0
Question by:lanman777
9 Comments
 
LVL 84

Expert Comment

by:David Johnson, CD, MVP
ID: 38334614
"My business partner is requesting a Public SSH Key so we can do secure transmissions."

Windows does not support Secure Shell natively, so it would have to be using PuTTY or WinSCP and generating the key using one of these programs.

Is this for SFTP transfers? The Windows FTP server does not support that (you need a third party, i.e. Robo-FTP Server).

FTP/S (FTP using SSL) is supported, though you would just create a user certificate for your partner and use your current FTP SSL certificate.
0
 
LVL 81

Expert Comment

by:arnold
ID: 38334770
Secure transmission could mean secure email.
You can use your CA to issue a user identity certificate with the option to secure email.
You would then provide the PFX (public and private keys), which the other party will install, and then the two will exchange the public keys so that emails can be encrypted with the certificates and can only be opened using the private keys.
0
 

Author Comment

by:lanman777
ID: 38334966
This is not for email. It is for transmitting a file from our server to their site.
0
 
LVL 81

Expert Comment

by:arnold
ID: 38335085
Ve3ofa pointed out
You can use the private and public keys.
You would need to use OpenSSL to convert the .pfx file into PEM format, which will have the certificate and the private key. Only provide the certificate to be added into the ssh.
You would also need to provide the CA chain certificate for validating your certificate once they add the CA chain as trusted.

The ssh or sftp or ftps tool you use to transfer the file should support certificates on both ends.
Yours for import and theirs to have the certificate-based authentication.

Certificates can also be used to establish a VPN connection between your server and theirs.
0
 
LVL 16

Accepted Solution

by:AlexPace
ID: 38337082
If the trading partner wants YOUR public SSH key then they must be hosting an SFTP site. They are expecting you to connect as a client to their server. They want you to use public key authentication instead of the more familiar username + password authentication. To do this, you will generate an SSH key pair. You will keep the private key private and you will send them a file containing a copy of your public key. You will configure your SFTP client with the server address, your username, and your private SSH key.

You can use Robo-FTP client to connect to their SFTP server.  You can generate your own SSH key pair using the Robo-FTP Configurator program: http://www.robo-ftp.com/help/3.8/cfg_configure_ssh_configuration_.htm  You do not need a CA for SSH keys.
0
 

Author Comment

by:lanman777
ID: 38348791
Thanks but I want to use my Windows 2008 Enterprise to generate my SSH Key pair.
I know I can do it the way you mentioned.
Is it possible with my CA? If so how?
0
 
LVL 81

Expert Comment

by:arnold
ID: 38348853
You could try creating a user certificate.
You would then export the PFX.
You would need to use OpenSSL for Windows to convert the .pfx to PEM format.

The difficulty is that I've not looked at it since ssh often comes with its own free key generator.
Trust is established by the user administering system A receiving your public key and adding it.

Found this recent discussion which might be your own question/exchange in another forum.
http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/bc9b8f30-76b3-4f7a-a09c-6aa6f38d1537
0
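An added example (not part of the thread or any poster's own commands) of the PFX-to-PEM route described in the comments above: it turns a PFX into a private key, derives the one-line OpenSSH public key, and derives the same line from the certificate alone, which shows that an SSH public key carries none of the CA's signature or chain. It assumes OpenSSL and OpenSSH's `ssh-keygen` are on the PATH; the file names, subject name and password are constructed, and a throwaway self-signed certificate stands in for one exported from the Enterprise CA.

```shell
#!/bin/sh
# Added example. Assumes openssl and OpenSSH's ssh-keygen are on PATH.
# File names, subject and password are constructed.
set -eu
umask 077   # OpenSSH refuses private key files readable by others

# Stand-in for a certificate issued by the Enterprise CA and exported:
# a throwaway self-signed RSA certificate packed into a PFX.
make_sample_pfx() {   # $1 = output .pfx, $2 = export password
    d=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=sftp-client.example" \
        -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null
    openssl pkcs12 -export -inkey "$d/key.pem" -in "$d/cert.pem" \
        -passout "pass:$2" -out "$1"
    rm -rf "$d"
}

# PFX -> unencrypted PEM private key. This file stays on your side.
pfx_to_private_pem() {   # $1 = .pfx, $2 = password, $3 = output key file
    openssl pkcs12 -in "$1" -nocerts -nodes -passin "pass:$2" 2>/dev/null |
        openssl pkey -out "$3"
}

# Private key -> "type base64" OpenSSH public key, the line the partner installs.
ssh_pub_from_key() { ssh-keygen -y -f "$1" | awk '{print $1, $2}'; }

# The same line taken from the certificate alone: only its public key is
# used; subject, issuer, validity and the CA signature are discarded.
ssh_pub_from_pfx_cert() {   # $1 = .pfx, $2 = password
    openssl pkcs12 -in "$1" -nokeys -clcerts -passin "pass:$2" 2>/dev/null |
        openssl x509 -pubkey -noout > "$1.spki"
    ssh-keygen -i -m PKCS8 -f "$1.spki" | awk '{print $1, $2}'
    rm -f "$1.spki"
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_sample_pfx "$work/client.pfx" "constructed-pass"
pfx_to_private_pem "$work/client.pfx" "constructed-pass" "$work/id_rsa"
ssh_pub_from_key "$work/id_rsa" > "$work/id_rsa.pub"
ssh-keygen -l -f "$work/id_rsa.pub"   # fingerprint to confirm out of band
```

Only the `id_rsa.pub` line is sent to the partner; the PFX and `id_rsa` both contain the private key and stay on the client.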
 

Author Comment

by:lanman777
ID: 38355779
Well, I don't own Robo-FTP, and from what I have read PuTTYgen ssh keys can only be used in putty.exe.
Is there something open source that I can use to create a basic SSH Key pair? Preferably GUI based, but at least I need to be able to create it with a Windows 7 workstation.
0
 
LVL 81

Expert Comment

by:arnold
ID: 38356364
An ssh key is an ssh key. The pair combination might be usable in many ssh clients.
Instead of concentrating on the ssh keys, start with what ssh client do you use?
PuTTY, securessh, etc. Then look at whether the client you intend to use has an import/export option.
0

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Suggested Courses

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question