How to renew the certificate issued by a standlone CA Hi Everyone, I have configured a standalone CA and issued ssl certificatesto end users who are Anonymous users All are made to requested through web page Enrollment then we created the certificate and sent them through mail along with private key. Now i need to renew the issued certificates validity.(all the certificates have few more months validity time left out). I followed the following renewal process from Tech net. Steps I followed: 1)Open Internet Explorer 2)In Address, type http://servername/certsrv, where servername is the name of the Windows 2000 Web server where the certification authority (CA) you want to access is located 3)Click Request a certificate, and then click advanced certificate request 4)Click Submit a certificate request using a base64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 fileHere i used submit a renewal request by using a base-64-encoded PKCS # 7 file . 5) Do one of the following: Open Notepad. On the File menu, click Open. Select the PKCS #10 or PKCS #7 file and click Open. On the Edit menu, click Select all, and then, on the Edit menu, click Copy. On the Web page, click in the Saved request scroll box. On the Edit menu, click Paste to paste the contents of certificate request into the scroll box. If your Web browser security settings do not prohibit a Web page from accessing your disk, you can click Browse for a file to insert to locate the file you want to use for the certificate request. If you get a warning about the ActiveX control, click Yes to allow it to run, then click Browse. After locating and selecting the file you want to use for the certificate request, click Read!. On the Web page, click Read! to paste the contents of the file into the scroll box. See the note about using Browse. 6)If you are connected to an enterprise CA, choose the certificate template you want to use.7)Click Submit. Here after step NO 5 I am getting the error message as follows : COM Error info:CCertrequest:submit the data is invalid 0x8007000d(WIN32:13) Suggested cause : The certificate request contained bad data.if you are submitting a saved request,make sure that the requestcontains no garbage data outside the BEGIN and END tags, and that the file containing the saved request is not corrupted. I kindly invite the suggesstions . Thanks & RegardsArunkumar.G

As I asked in the news groups, how are you generating the renewal request that you're submitting through web enrollment?http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/768f3352-8830-4d41-846c-bdf2727da080Paul Adare CTO IdentIT Inc. ILM MVP

Hi Paul ,I will tryout the suggestion provided by you to my same question in other forum topic.I will revert back you after implementation .Thanks & RegardsArunkumar .G

Hi Paul , I am explaining the process which i am following ,done this process for a valid certificate in CA server 1. login to the windows 2003 server 2.Open IE and type URL: https://servername/certsrv 3.Click on Request a certificate link 4.I will give my domain credentials to enter 5. then click on Advanced certificate Request. 6.Then click the submit a certificate request by using a a base -64 encoded CMC or PKCS10 file ,or submit a renewal request by using a base-64-encoded PKCS #7 file. 7. Here I will get options to insert the PKCS#7 format file which i have generated for my certificate.so browse the file ,Click Read option and then Submit. 8. After this i am getting a error message : Error Your request failed. An error occurred while the server was processing your request. Contact your administrator for further assistance. Request Mode: newreq - New Request Disposition: (never set) Disposition message: (none) Result: The data is invalid. 0x8007000d (WIN32: 13) COM Error Info: CCertRequest::Submit The data is invalid. 0x8007000d (WIN32: 13) LastStatus: The operation completed successfully. 0x0 (WIN32: 0) Suggested Cause: The certificate request contained bad data. If you are submitting a saved request, make sure that the request contains no garbage data outside the BEGIN and END tags, and that the file containing the saved request is not corrupted. Note : I have diagnaised that my generation of PKCS7 file format is wrong. so could you please guide me how to genarate a PKCS7 file format for my certificate. I am using IE7. Thanks in Advance Arunkumar.G