Generating .crt and .key file using microsoft Enterprise PKI

Member_2_6445837 used Ask the Experts™
Afternoon team.
Please help, I have windows based Enterprise PKI solution setup with 1 offline root ca and 2 online subordinates ca. I have been given a .csr file by one of our vendors and they requested that I generate a .crt certificate and .key file for them using the .csr file. I only know how to generate a .cer certificate and not the requested files.
Please assist, how would one go about doing this using the Microsoft enterprise PKI?
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Shaun VermaakTechnical Specialist
Awarded 2017
Distinguished Expert 2018

For which template? You can mark the key as exportable from the template settings


Afternoon Shaun.
Thanks for your input, I have created a duplicate web server certificate template for this request and configured the allow the private key to be exported option under request handling is also checked. I am using web enrollment to complete the certificate request, but only able to generate .cer files.
Top Expert 2016

Distinguished Expert 2017
Since you have a PKI, usually you would use https://<subordinateCA>/CertServ
and use the CSR as input to sign a certificate.

The vendor that generated the CSR already has the key so there is no need for you to provide a key unless the

cer, cert, crt are all the same, they are asking you to have your CA sign their CSR and give them the resulting PEM (base64) encoded file
--- Certificate starts here --

-- Certificate ends here ---

they can change the extension to whatever they want to have the certificate imported back to complete the request..

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial