CA cert

  • Question

  • Hi All,

    I need a CA cert for my HTTPS environment, and I found that we got a wildcard cert which I believe can be used for this purpose. But when I tried to export the cert, the option to export the private key is greyed out.

    I tried to request the cert with a new key, but got the "request contains no cert template information" enrollment error.

    I tried to use certutil -repairstore my "serialkey", but access was denied as it keeps prompting me to select a smart card.

    I am using a VM and there is no way to connect to any smart card.

    Is there any other way I can get my CA cert? Or maybe a way to bypass the smart card prompt issue?


    Nursyafika

    Friday, August 16, 2019 11:46 PM

All replies

  • Maybe this one helps.

    https://knowledge.digicert.com/solution/SO6568.html

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Friday, August 16, 2019 11:53 PM
  • It really depends on what your requirements are.

    1: Public certificate provider. (They have different ways of managing certificates and keys; you should contact your certificate provider if it's a public certificate provider.)
    - This certificate is trusted by everyone.

    2: Private key infrastructure. If you already have a Certificate Authority within your domain, you can create a new certificate using this. If Web enrollment is enabled, you can do this from an IIS server and choose "Domain Certificate". (You can search for this and find quite a lot of guides.)
    - If the CA is initially done correctly, this certificate is trusted by all servers and clients in your domain.

    3: Self-signed certificate. If you do not have a public certificate and do not have a Certificate Authority within your domain, you can create a self-signed certificate. This can also be done in IIS. (You can search for this and find a lot of guides.)
    - This certificate is only trusted by the machine itself, and all machines that need to trust this certificate need the certificate manually added to the certificate trust store.


    Monday, August 19, 2019 6:24 AM
  • Hello,
    Thank you for posting in our TechNet forum.

    Do we have our internal CA server? If so, we can try the following steps:

    If it is a user certificate:
    1. We can log on to the computer as this user.
    2. Type certmgr.msc in Search and press Enter.
    3. Find the certificate in the Certificates - Current User -> Personal -> Certificates container.


    If it is a computer certificate:
    1. We can log on to the computer as domain Administrator.
    2. Type certlm.msc in Search and press Enter.
    3. Find the certificate in the Certificates - Local Computer -> Personal -> Certificates container.



    For example:

    Right-click the certificate -> All Tasks -> Export -> Next -> Yes, export the private key.

    If we cannot export the private key, maybe it is configured so that the private key cannot be exported (we did not check the option "Allow private key to be exported" on the Request Handling tab of the certificate template).






    Best Regards,
    Daisy Zhou


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, August 21, 2019 10:20 AM
    Moderator
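
A read-only way to check the exportability setting discussed in the reply above, as an added example that is not part of the original thread. It assumes an elevated PowerShell session on Windows and RSA keys; it lists each certificate in the Local Computer personal store with its key provider and whether the key's export policy allows export, and exports nothing.

```powershell
# Added example (not from the thread): inspect private-key exportability
# for every certificate in Cert:\LocalMachine\My. Nothing is exported.
$ext = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]

Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cert       = $_
    $provider   = 'none'
    $exportable = 'n/a'

    if ($cert.HasPrivateKey) {
        try {
            # Returns RSACng for CNG keys, RSACryptoServiceProvider for legacy CSP keys,
            # or $null when the key is not RSA (for example ECDSA).
            $key = $ext::GetRSAPrivateKey($cert)

            if ($key -is [System.Security.Cryptography.RSACng]) {
                $provider   = $key.Key.Provider.Provider
                $allow      = [System.Security.Cryptography.CngExportPolicies]::AllowExport
                $exportable = $key.Key.ExportPolicy.HasFlag($allow)
            }
            elseif ($key -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
                $info       = $key.CspKeyContainerInfo
                $provider   = $info.ProviderName
                # Keys held on a hardware device (smart card, HSM) are never exportable.
                $exportable = $info.Exportable -and -not $info.HardwareDevice
            }
            else {
                $provider   = 'non-RSA key (not handled by this example)'
                $exportable = 'unknown'
            }
        }
        catch {
            # Access denied, a missing key container, or an absent device ends up here.
            $provider   = 'key could not be opened'
            $exportable = "error: $($_.Exception.Message)"
        }
    }

    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        HasPrivateKey = $cert.HasPrivateKey
        KeyProvider   = $provider
        Exportable    = $exportable
    }
} | Format-Table -AutoSize -Wrap
```

A row with `HasPrivateKey` true and `Exportable` false corresponds to the greyed-out "Yes, export the private key" option in the export wizard.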
  • Thank you. I just put the wildcard cert and it seems to solve my issue! 

    Nursyafika

    Thursday, August 22, 2019 1:48 AM
  • Hi,
    Thank you for your update. I’m very glad that the problem has been solved.
     
    As always, if there is any question in future, we warmly welcome you to post in this forum again. We are happy to assist you! 

    Have a nice day!


     
    Best Regards,
    Daisy Zhou


    Thursday, August 22, 2019 9:43 AM
    Moderator