|
Home > Archive > IIS Server Security > September 2004 > migrating certificates (export the private key not available)
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
migrating certificates (export the private key not available)
|
|
| Adam Murray 2004-09-02, 6:45 pm |
| We are trying to migrate the SSL Cert to a new server and have run
into a snag. When we start the export wizrd the "export the private
key" option is not available. (Also, the do not delete the key once
exported is not available)
I tried turning off IIS 5.0 to see if that would solve the problem,
but it didn't work.
Has anyone seen this, and can you give me apush in the right
direction?
| |
| Miha Pihler 2004-09-02, 6:45 pm |
| Hi Adam,
This is property of certificate and should be set before it was issued on CA
server ("Mark keys as exportable"). Once certificate is issued this can not
be changed.
Mike
"Adam Murray" <etown9799@yahoo.com> wrote in message
news:d13d5808.0408300908.23d28ec2@posting.google.com...
> We are trying to migrate the SSL Cert to a new server and have run
> into a snag. When we start the export wizrd the "export the private
> key" option is not available. (Also, the do not delete the key once
> exported is not available)
>
> I tried turning off IIS 5.0 to see if that would solve the problem,
> but it didn't work.
>
> Has anyone seen this, and can you give me apush in the right
> direction?
| |
| Jerry Pisk 2004-09-02, 6:45 pm |
| You actually set this yourself when you're importing the certificate. The CA
has no say in this.
To fix Adam's problem - you need to find the private key, you had to import
it to the certificate store from somewhere. If you don't have it you have to
create yourself a new one and request a new certificate. And remember to
back it up, including the private key. Not just in case you want to move the
server to a different box, but for cases your box crashes, when you won't be
able to export anything.
Jerry
"Miha Pihler" <mihap-news@atlantis.si> wrote in message
news:%23b8C4UrjEHA.2812@tk2msftngp13.phx.gbl...
> Hi Adam,
>
> This is property of certificate and should be set before it was issued on
> CA
> server ("Mark keys as exportable"). Once certificate is issued this can
> not
> be changed.
>
> Mike
>
> "Adam Murray" <etown9799@yahoo.com> wrote in message
> news:d13d5808.0408300908.23d28ec2@posting.google.com...
>
>
| |
| Miha Pihler 2004-09-02, 6:45 pm |
| Jerry,
If certificate was issued in Microsoft CA based on certificate template that
does not allow certificates to be exported you can't later mark them as
exportable.
If some other template or policy or CA was used I agree with your, this can
be set when importing certificate, but can't be changed once certificate is
successfully imported.
Mike
"Jerry Pisk" <jerryiii@hotmail.com> wrote in message
news:ORB1vlvjEHA.3696@TK2MSFTNGP15.phx.gbl...
> You actually set this yourself when you're importing the certificate. The
CA
> has no say in this.
>
> To fix Adam's problem - you need to find the private key, you had to
import
> it to the certificate store from somewhere. If you don't have it you have
to
> create yourself a new one and request a new certificate. And remember to
> back it up, including the private key. Not just in case you want to move
the
> server to a different box, but for cases your box crashes, when you won't
be
> able to export anything.
>
> Jerry
>
> "Miha Pihler" <mihap-news@atlantis.si> wrote in message
> news:%23b8C4UrjEHA.2812@tk2msftngp13.phx.gbl...
on[vbcol=seagreen]
>
>
|
|
|
|
|