How to obtain a .pfx certificate for a user in Windows 2000 CA
HI,
I am trying to create a certificate for a user and then later use the private and public key in an application. I can export the user certificate with the public key easily in Server 2003 and later versions however
I am unable to do so when the CA is a 2000 Server.
So, the main motive is, that for a particular user certificate, I need to extract the Public and Private keys seperately. Any idea how this can be achieved?
This is critical for the functioning of my application.
Regards
Andy
August 17th, 2011 9:46am
Andy - can you describe the steps you are going through and at what point the process fails?
hth
Marcin
Free Windows Admin Tool Kit Click here and download it now
August 17th, 2011 10:03am
Hi Marcin,
I am doing the following steps:
1. Log in to the Windows 2000 CA (this is domain joined) with the credentials of the domain user for which the user certificate is required
2. Start mmc and add the snap in for Certificates
3. Right click on the Personal folder and in All Tasks ->
Request New Certificate
4. Choose User Certificate option
5. Keep on moving forward with default options till the certificate is issued.
6. Install the certificate
7. Refresh the personal folder
8. Right click on the issued certificate and choose Export
9. Now, while exporting the option to Export private key also is not enabled at all.
August 17th, 2011 11:14am
Hellom
first of all this is Directory Services forum and your question is not related to it.
Better to ask them here: http://social.technet.microsoft.com/Forums/en-US/winserversecurity/threads
Second, Windows 2000 is not yet supported so it will be better to upgrade your OS.
This
posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Microsoft Student
Partner 2010 / 2011
Microsoft Certified Professional
Microsoft Certified Systems Administrator:
Security
Microsoft Certified Systems Engineer:
Security
Microsoft Certified Technology Specialist:
Windows Server 2008 Active Directory, Configuration
Microsoft Certified Technology Specialist:
Windows Server 2008 Network Infrastructure, Configuration
Microsoft Certified Technology Specialist:
Windows Server 2008 Applications Infrastructure, Configuration
Microsoft Certified Technology Specialist:
Windows 7, Configuring
Microsoft Certified IT Professional: Enterprise
Administrator
Microsoft Certified IT Professional: Server Administrator
Free Windows Admin Tool Kit Click here and download it now
August 17th, 2011 11:18am
As
http://technet.microsoft.com/en-us/library/cc738545(WS.10).aspx states:
"To use the PKCS #12 format, the cryptographic service provider (CSP) must recognize the certificate and keys as exportable. If a certificate was issued from a Windows Server 2003 or Windows 2000 certification authority, the private key
for that certificate is only exportable if one of the following is true:
The certificate is for EFS (Encrypting File System) or EFS recovery.
The certificate was requested through the Advanced Certificate Request certification authority Web page with the
Mark keys as exportable check box selected."
hth
Marcin
August 17th, 2011 11:52am
For the benifit of all, I posted this question to the security forum also as suggested, and it has been answered there also
http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/4441f1d7-e82c-4b94-816a-02d0e0b43213
Free Windows Admin Tool Kit Click here and download it now
August 24th, 2011 12:37pm