A csr was created through certreq and is not showing in the Certificate Enrollment Request store causing inability to complete the certificate. I have tried importing the CSR into the Certificate Enrollment Request Store and get the file type is not recognizable. Any suggestion on how to get the CSR into that folder would be appreciated
Related
I'm having trouble understanding how to get/generate a private key for some certificates I requested.
I've created a CSR using the DigiCert Certificate Utility for Windows, which gave me a csr.txt file as an output but no .key file.
Then I proceeded to request the certificates by inserting the above mentioned CSR in the Certificate Management portal of my company.
Now I have received the p7b files and the related CSRs, but no private keys: is it possible to generate it now?
Thanks in advance,
Tommaso
Use the import function of the DigiCert Certificate Utility for Windows. The key is stored on software in the machine where the CSR was created. After the import the key and the certificate are associated and should be in the Windows certificate Store. If the key was generated with the exportable flag, you can export a PKCS#12 and convert that to a key file using openSSL.
A little bit of context:
I used to generate CSRs from IIS "Create certificate request", import that in my provider (GoDaddy) and get a .crt in return. Then I used to go again to IIS to "Complete certificate request" and generate the .pfx
I want to automate this process as much as possible including importing the CSR to GoDaddy and downloading the .crt file.
Right now I was able to automate the CSR creation with certreq.exe but note sure how to complete the request using powershell to create the .pfx when I have the .crt file from GoDaddy. I know I can do it with openssl but I'm missing the private key.
I think when I create the CSR request with certreq.exe, it generates the .pfx on "MMC > Certificate Enrollment Requests" which has the private key so I was wondering if every time I request the CSR, I have to export that .pfx and with openssl extract the private key to use it with my.crt file from GoDaddy?
Hopefully I was able to explain correctly what I'm trying to accomplish and somebody can help me with this.
How to create Certificate Request for CVC certificate as like X.509 (PKCS#10) in Java to send as a certificates signing request to EJBCA Certificate Authority?
Thanks in advance
You can use the cert-cvc library, also open source. This is part of EJBCA and comes with sample code. You can find more information and download at the ejbca.org site.
I'd like to automate the task of requesting client certificates from the CA attached to our Active Directory. Currently, I use certmgr and click "Request New Certificate" from the menu and do several other selections, including selecting an appropriate policy.
Surely, Powershell can help me with this, as I already use it to get rid of old certificates. Is there a module which can be used for this or does Powershell 3 cover this out-of-the-box?
I think certreq could be what you are looking for.
Certreq can be used to request certificates from a certification authority (CA), to retrieve a response to a previous request from a CA, to create a new request from an .inf file, to accept and install a response to a request, to construct a cross-certification or qualified subordination request from an existing CA certificate or request, and to sign a cross-certification or qualified subordination request.
Then there is another useful utility when dealing with certificates in windows - certutil
I have followed the instruction for creating x509 cert, however, after uploading the cert, i get
Your x.509 certificate is invalid. Please upload a new certificate
Anyone seeing the same?
Can you please provide more details about your certificate:
1) Was it a valid X.509 certificate, base64 encoded ( PEM ) format with 1024 bytes key size ?
Also the link you posted is incorrect for the documentation. It is here :
Create X509 Certificate
2) Is the error occuring at the time of uploading CERT or at the time of registering ( clicking on the submit button ) ?
You can always just export the public key only from the PEM and upload that.
You would need to submit a support ticket for us to investigate your cert as we would need to take a look at it.
I have followed the .Net self sign instructions with no issues. However others have had issues with PEM. Follow them to the letter, or like I said export the pub cert as text. that should work.
regards,
Jarred