
We are working in a VM environment with Win 2008 R2 machines. For one of the POCs, I need to restrict access to a specific port for a given list of machines. So I am trying to generate an SSL certificate for this purpose. I have installed Active Directory Certificate Services on one VM and made it the local root CA. From this, I want to issue certificates to 2 or 3 other VMs. I am able to generate the CSR from the 2nd VM and create the CSR. Then I go to the certsrv site on the local CA VM, submit the base 64 request and then go to Pending certificates and issue the certificate. Then I am able to download the issued certificate as well.

In all these steps, nowhere am I being asked for the private key. So if I install this certificate, I don't get any option to export the certificate into a PFX file which will have the private key. I only get the option to export it to a p7b file, which only has the public key.

So please let me know how I can generate the certificates with a private key.

Eventually, my requirement is to take the PFX certificate and convert it into a JKS keystore file for each individual VM and also create a combined Truststore JKS file with all the certificates. Please let me know how I can go about this one.

Thanks askids

askids
  • How did you generate CSR? – Crypt32 Jan 24 '17 at 06:08
  • I tried it both ways - the 1st time via IIS Server Certificates - Create certificate request, and the 2nd time from the Certificates (Local computer) snap-in in mmc. Both times, I just get a CSR file with BEGIN NEW CERTIFICATE REQUEST.....END NEW CERTIFICATE REQUEST. I then copy it into the certsrv site via "request new certificate - advanced certificate request". Nowhere do I get an option to specify the private key. – askids Jan 25 '17 at 23:10

1 Answer


When you create the CSR, the private key is also created. It is on the machine that you ran and processed the CSR on. Open the MMC Certificates tool, locate the certificate and you should be able to export it. Choose "Yes, export the private key" when asked.

The answer on this post lays it out nicely: Create a public private key pair for certificate in IIS

Dre
  • From MMC certificates, I can only export existing certificates. After I import the newly issued certificate into the VM, I don't see the key option at all. On other existing certificates, I see a key symbol on the certificate which indicates that the certificate has a private key, but I don't see it on my new certificate. – askids Jan 25 '17 at 23:23
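
The workflow discussed in this thread, as an added PowerShell example that is not part of the original posts: create the CSR with an exportable key on the VM itself, pair the issued certificate with that key, export a PFX, and build the JKS keystore and shared truststore. The host name `vm2.example.local`, the file names and the function names are assumptions; it also assumes an elevated prompt and `keytool` from a JDK on the PATH.

```powershell
# Added example; vm2.example.local, file names and aliases are constructed placeholders.
$fqdn = 'vm2.example.local'

function New-VmCsr {
    # Run on the VM that will own the certificate. The key pair is generated
    # and stays on this machine; only the public key goes into the CSR.
    $inf = @'
[Version]
Signature = "$Windows NT$"
[NewRequest]
Subject = "CN={FQDN}"
KeyLength = 2048
Exportable = TRUE
MachineKeySet = TRUE
RequestType = PKCS10
'@
    $inf = $inf.Replace('{FQDN}', $fqdn)
    Set-Content -Path request.inf -Value $inf
    certreq -new request.inf request.csr   # submit request.csr on the certsrv site
}

function Export-VmKeystore([string]$IssuedCer, [string]$Password) {
    # Run on the SAME VM after downloading the issued certificate from the CA.
    certreq -accept $IssuedCer             # pairs the cert with the pending private key
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -eq "CN=$fqdn" } | Select-Object -First 1
    if (-not $cert.HasPrivateKey) {
        # No key icon in MMC: the cert was imported without its key, so
        # ask certutil to re-link it to the key container on this machine.
        certutil -repairstore my $cert.Thumbprint
    }
    certutil -p $Password -exportPFX my $cert.Thumbprint vm.pfx
    # keytool needs a store password of at least 6 characters.
    keytool -importkeystore -srckeystore vm.pfx -srcstoretype PKCS12 `
        -srcstorepass $Password -destkeystore vm.jks -deststoretype JKS `
        -deststorepass $Password
}

function Add-ToTruststore([string]$Alias, [string]$CerFile, [string]$StorePass) {
    # The truststore holds certificates only, never private keys. Call once
    # per VM certificate, and once for the root CA certificate.
    keytool -importcert -noprompt -alias $Alias -file $CerFile `
        -keystore truststore.jks -storepass $StorePass
}
```

Passwords passed on the command line are visible to other processes on the machine while the command runs, so use throwaway values for a POC and delete `vm.pfx` once the JKS file is built.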