Monday, November 05, 2012 10:38 PM
I have a question regarding generating a certificate to be used by an Apache Web Service, with the certificate being generated by a Microsoft CA.
The Apache Web Service is part of a new service that is being introduced and is installed on a Windows Server. So far we have had the Apache service generate a key file for itself and provide a CSR that can be used to generate a certificate. However, when I provide a certificate back to the web service it can't load the certificate and the Apache service is unable to start.
I thought this may have something to do with the CSR format, as it seemed to lose some of its formatting. So I resolved this using Notepad++, however the issue still exists.
Has anyone got some experience of this issue and know how to resolve it?
Tuesday, November 06, 2012 2:59 AM
For Apache or IIS, the certificate MUST reside in the personal machine store of the machine. If the service fails to start, my point is that you installed your certificate in the user's store.
Here is an example of how to create a CSR manually.
Create an INF file with the following content:
[Version]
Signature = "$Windows NT$"
[NewRequest]
Subject = "CN=www.acme.com,OU=webserver,O=Acme inc,ST=QC,C=US,DC=acme,DC=com"
;EncipherOnly = FALSE
Exportable = FALSE ; TRUE = Private key is exportable
KeyLength = 2048 ; Valid key sizes: 1024, 2048, 4096, 8192, 16384
KeySpec = 1 ; Key Exchange – Required for encryption
KeyUsage = 0xA0 ; Digital Signature, Key Encipherment
MachineKeySet = True
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
RequestType = PKCS10 ; or CMC.
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; Server Authentication
After that, run the certreq command:
certreq -new $File.inf request.req
Afterwards, go to the CA and sign the request.
Export your signed request to .cer format.
On the Apache server:
certreq -accept -machine requestSigned.cer
Restart your Apache service.
Hope this will help you.
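A check for the store-placement point in the answer above, added here as an example and not part of the original post: it reports whether a certificate for the requested subject sits in the machine or the user personal store, whether a private key is bound to it, and whether it carries the Server Authentication EKU. The function name is hypothetical, and the CN is assumed to be the one from the sample INF.

```powershell
# Added example: locate the issued certificate after "certreq -accept".
# Assumption: the subject CN is the one used in the sample INF file.
$CommonName    = 'www.acme.com'
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU

function Get-IssuedCertPlacement {      # hypothetical helper name
    param(
        [string]$CommonName,
        [string]$EkuOid
    )
    # Match "CN=<name>" followed by a comma or the end of the subject string.
    $pattern = 'CN=' + [regex]::Escape($CommonName) + '(,|$)'

    foreach ($store in 'Cert:\LocalMachine\My', 'Cert:\CurrentUser\My') {
        $certs = @(Get-ChildItem -Path $store |
                   Where-Object { $_.Subject -match $pattern })

        if ($certs.Count -eq 0) {
            # Emit a row anyway so an empty store is visible in the report.
            [pscustomobject]@{ Store = $store; Found = $false; Thumbprint = $null
                               NotAfter = $null; HasPrivateKey = $null; ServerAuthEku = $null }
            continue
        }

        foreach ($c in $certs) {
            # Read the EKU OIDs from the X.509 extension itself.
            $ekuExt = $c.Extensions | Where-Object {
                $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
            }
            $ekus = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })

            [pscustomobject]@{
                Store         = $store
                Found         = $true
                Thumbprint    = $c.Thumbprint
                NotAfter      = $c.NotAfter
                HasPrivateKey = $c.HasPrivateKey      # False = key not bound in this store
                ServerAuthEku = ($ekus -contains $EkuOid)
            }
        }
    }
}

Get-IssuedCertPlacement -CommonName $CommonName -EkuOid $ServerAuthOid | Format-Table -AutoSize
```

Run it in an elevated session on the server where `certreq -accept -machine` was executed; a row under `Cert:\CurrentUser\My` with no match under `Cert:\LocalMachine\My` indicates the certificate was accepted into the user store.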
Monday, November 12, 2012 2:35 AM Moderator
Thanks for your post.
Please note that the CSR can be generated in IIS on the server. If you have IIS on your server, use this to generate a CSR, send it to your Microsoft CA and complete the process. In addition, you can use LDAP over SSL to request a certificate from the Microsoft CA.
How to enable LDAP over SSL with a third-party certification authority
IIS 7.0 CSR/SSL Create and Install
Please Note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
TechNet Community Support
Wednesday, November 14, 2012 5:20 AM Moderator
How are things going? I just want to check if the information provided was helpful. If there is any update or concern, please feel free to let us know.
TechNet Community Support
Friday, December 07, 2012 12:29 AM
I have since posted another question with more detail here.
Sunday, December 23, 2012 5:58 PM
In another post I have listed the resolution that I found from my experience; a link to this can be found below:
http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/208d920b-b0d7-4cd2-9c0c-f051682a5a77/#2009aca5-449d-436c-9026-92d060d64d07
- Marked As Answer by Hendy25 Sunday, December 23, 2012 5:58 PM