#1
How to create certificate with private key

Hi

I'm following the instructions in http://support.microsoft.com/kb/321051 to enable LDAP over SSL in Windows 2003 Active Directory. One of the requirements is to install a certificate into the computer's Personal store. This certificate must have an associated private key.

I've taken the certificate request specified in the KB, modified the Subject line, and then used 'certreq -new' to create the certificate request. Problem is, this certificate does not end up with an associated private key. I have deleted and revoked some earlier certificates on my system. Could their presence be, somehow, interfering with the creation of a private key-associated certificate for this system?

I should also point out that my certificate authority and my Active Directory/LDAP system are the same Windows 2003 system.

Thanks!

#2
Re: How to create certificate with private key

tl wrote:
> Hi
>
> I'm following the instructions in http://support.microsoft.com/kb/321051 to
> enable LDAP over SSL in Windows 2003 Active Directory. One of the
> requirements is to install a certificate into the computer's Personal store.
> This certificate must have an associated private key.
>
> I've taken the certificate request specified in the KB, modified the Subject
> line, and then used 'certreq -new' to create the certificate request.
> Problem is, this certificate does not end up with an associated private key.
> I have deleted and revoked some earlier certificates on my system. Could
> their presence be, somehow, interfering with the creation of a private
> key-associated certificate for this system?

How are you actually generating your certificate - does your CA have an option to export certificate with private key?

> I should also point out that my certificate authority and my Active

Your CA isn't working as an enterprise CA?

> Directory/LDAP system are the same Windows 2003 system.

So you are requesting certificate from CA through web page probably - there is an option to mark keys as exportable and export them to the file

--
Tomasz Onyszko
http://www.w2k.pl/ - (PL)
http://blogs.dirteam.com/blogs/tomek/ - (EN)

#3
Re: How to create certificate with private key

Hi Tomasz

Thanks for the reply.

> So you are requesting certificate from CA through web page probably -
> there is an option to mark keys as exportable and export them to the file

Here's what I'm doing, all of it based on http://support.microsoft.com/kb/321051. What am I doing wrong?

Thanks
tl

Step 1 - create the request.inf file - follow the instructions, replacing '<DC fqdn>' with your fully qualified domain name (ex., "CN=tivo1.cso-terry.backup", one of the systems in my lab, where we use .backup as our DNS domain)

Step 2 - create the request file - 'certreq -new request.inf request.req'

Steps 3 and 4 - take the certificate request file, and create the certificate

Run Microsoft Management Console (run 'mmc' at a command line), click File -> Add/Remove Snap-in -> Add... -> Add Standalone Snap-in -> Certification Authority, click Add and select 'Local computer' in the next screen, Finish, Close, Ok

Click the + sign next to Certification Authority, then click the + sign next to your Windows system name.

Right-click the Windows system name, All Tasks -> Submit new request…

In the Open Request File dialog box, browse to your request.req file, select it, then select Open.

Click on Pending Requests; you should see your certificate request.

Right-click your certificate request, select All Tasks -> Issue. Your request will be removed from Pending Requests, and will now appear in Issued Certificates.

Right-click the certificate, select Open.

In the Certificate window, click the Details tab, select Copy to File. This will start the Certificate Export Wizard.

At the first screen, click Next.

At the next screen, select 'Base-64 encoded' and click Next.

At the next screen, browse to the directory containing your certificate request (doesn't HAVE to be there, but it's a good idea to keep these files together), and save the file as certnew.cer. Click Next, Finish, Ok.

Your certificate has now been created

Step 5 - accept the issued certificate - 'certreq -accept certnew.cer'

Step 6 - verify that the certificate is installed

Step 7 - restart the domain controller (I rebooted)
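One way to carry out the Step 6 check from the post above, as an added example that is not part of the original thread: it lists certificates whose subject matches the server name in both the computer's and the current user's Personal store and reports whether each has an associated private key and the Server Authentication EKU that the KB's request file asks for. It assumes PowerShell is installed on the server (it is not part of a default Windows 2003 install); the function name `Test-LdapsCertificate` is hypothetical and `$Fqdn` is the sample name from the post.

```powershell
# Added example, not from the thread. $Fqdn is the sample name used in the
# post; replace it with your own domain controller's FQDN.
$Fqdn = 'tivo1.cso-terry.backup'
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU

# Hypothetical helper: summarise the properties that matter for LDAP over SSL.
function Test-LdapsCertificate {
    param($Cert, [string]$Store)

    # Collect the EKU OIDs, if the certificate carries an EKU extension.
    $ekuOids = @()
    foreach ($ext in $Cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            $ekuOids = @($ext.EnhancedKeyUsages | ForEach-Object { $_.Value })
        }
    }
    $now = Get-Date
    New-Object PSObject -Property @{
        Store         = $Store
        Subject       = $Cert.Subject
        Thumbprint    = $Cert.Thumbprint
        HasPrivateKey = $Cert.HasPrivateKey
        ServerAuthEku = ($ekuOids -contains $ServerAuthOid)
        InValidity    = ($now -ge $Cert.NotBefore -and $now -le $Cert.NotAfter)
    }
}

# Match "CN=<fqdn>" as a whole subject component, not as a prefix of a longer name.
$pattern = 'CN=' + [regex]::Escape($Fqdn) + '(,|$)'

# Look in the computer's Personal store (the one the KB requires) and in the
# current user's Personal store, so a certificate installed there is visible too.
$results = foreach ($store in 'Cert:\LocalMachine\My', 'Cert:\CurrentUser\My') {
    Get-ChildItem $store |
        Where-Object { $_.Subject -match $pattern } |
        ForEach-Object { Test-LdapsCertificate -Cert $_ -Store $store }
}

if (-not $results) {
    Write-Output "No certificate with subject CN=$Fqdn in either Personal store."
} else {
    $results |
        Select-Object Store, Subject, Thumbprint, HasPrivateKey, ServerAuthEku, InValidity |
        Format-List
}
```

The requirement described in the thread is met by an entry under `Cert:\LocalMachine\My` with `HasPrivateKey` and `ServerAuthEku` both `True`.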
#4
Re: How to create certificate with private key

Please? Or, can I not do this with Microsoft Certificate Services?

Thanks
tl