Title: Windows Certificate

Hi Don:

 

Currently InterMapper will create an X509 CSR which Windows CA doesn’t accept. We will look into adding support to generate PKCS10 CSR in a future version of InterMapper -- PKCS10 is one of the formats that will be accepted by Windows CA.

 

For the time being, please use one of the following methods:

  1. Create a certificate request in one of the request formats that Windows CA understands (CMC, PKCS10, or PKCS7), get a WebServer certificate from a Windows CA using this CSR, and then install this certificate in InterMapper.
  2. Export a webserver certificate as PKCS12 format along with its private key from a Windows CA, then convert this into a base64 encoded PEM format, then install this certificate in InterMapper. However, this will *not* work for Windows 2003 CAs, since by default WebServer templates will generate certificates whose private key is not exportable.

 

Note that you have to use the WebServer template in Windows CA to generate the certificate. Also, the private key has to be unencrypted. The openssl command line tools can be used to generate the PKCS10 request and convert the PKCS12 pfx file – please find more detailed steps at the end of this email.

 

Regards,

Ruth Kurniawati

Dartware, LLC

 

Method 1: create a certificate request in PKCS10 format

 

 - Generate a private key and a PKCS10 request file using openssl.

          openssl req -newkey rsa:1024 -keyout key.pem -keyform PEM -out req.pem -outform PEM -nodes

- Use req.pem to request a certificate from Windows CA (use the advanced certificate request option from the certsrv web page).

  Make sure that you use the WebServer template. Let's call the certificate file cert.cer.

- Copy key.pem to the InterMapper Settings\Certificates directory (on Windows, the InterMapper Settings directory will be located under the <Program Files>\InterMapper directory).

  The private key file should be named SSLCertificateKeyFile

- Strip new line characters from the certificate file (the openssl library that InterMapper uses doesn’t accept these). You can use perl to remove the new lines:

          type cert.cer | perl -n -e "chomp; print $_ . \"\r\"" > cert2.cer

- Copy the certificate file into InterMapper’s certificate directory as SSLCertificateFile:

          copy cert2.cer "<Program Files>\InterMapper\InterMapper Settings\Certificates\SSLCertificateFile"

- Restart the InterMapper service – on Windows, you can use the Service Manager applet or type the following commands in a cmd window:

          net stop intermapper

          net start intermapper

- If you have SSL enabled in the server settings, you will see the following in the debug log:

    Use Certificate: <your certificate info>

    Not Before: <number>Z, Not After: <number>Z

 

Method 2: export a webserver certificate from a Windows CA (note that this won’t work for Windows 2003 CA)

 

- Open the Certificate Manager applet

          Choose Start/Run from the taskbar menu

          Then type:

          certmgr.msc

- Navigate to the certificate that you’d like to export, right-click, and choose “All Tasks/Export”. Make sure that you also export the private key. Let’s call this file webservercert.pfx.

- Use the openssl pkcs12 file utility to convert this file:

            openssl pkcs12 -in ./webservercert.pfx -out cert.txt -nodes

- Open the Server Settings panel in InterMapper, navigate to the SSL Certificate section, and click the “Upload new certificate” button.

  Either cut/paste the content of cert.txt or browse to the file and click open. Press OK to accept the certificate; the certificate info will be shown in the dialog box.

 

 

 


From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of Levinson, Don A.
Sent: Tuesday, May 24, 2005 7:50 PM
To: InterMapper Discussion
Subject: [IM-Talk] Windows Certificate

 

Has anyone found a way to install a certificate created on a Microsoft Windows CA to InterMapper?
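
The checks below are an added example, not part of the original email or Dartware's code: before copying the Method 1 files into the Certificates directory, they confirm that req.pem parses as a PKCS10 request, that key.pem is unencrypted, and that cert.cer carries the public key of key.pem. It is a POSIX shell script around the openssl command line tools; the function names, the 2048-bit key size, the subject name and the self-signed certificate standing in for the Windows CA's reply are assumptions of the example.

```shell
#!/bin/sh
# Added example: pre-install checks for req.pem, key.pem and cert.cer.
# Assumptions (not from the email): 2048-bit key, constructed subject name,
# and a self-signed certificate standing in for the Windows CA's reply.

# True if the file parses as a PKCS#10 certificate request.
is_pkcs10_request() {
    openssl req -in "$1" -noout >/dev/null 2>&1
}

# True if the PEM private key loads without a passphrase.
key_is_unencrypted() {
    if grep -q 'ENCRYPTED' "$1"; then return 1; fi
    openssl pkey -in "$1" -noout -passin pass: </dev/null >/dev/null 2>&1
}

# True if the certificate ($1) carries the public key of the private key ($2).
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: </dev/null 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Build constructed sample files in directory $1.
make_samples() {
    openssl req -newkey rsa:2048 -nodes -keyout "$1/key.pem" -out "$1/req.pem" \
        -subj "/CN=intermapper.example.test" 2>/dev/null &&
    openssl x509 -req -in "$1/req.pem" -signkey "$1/key.pem" -days 1 \
        -out "$1/cert.cer" 2>/dev/null &&
    openssl genrsa -out "$1/other.pem" 2048 2>/dev/null &&
    openssl rsa -in "$1/key.pem" -aes256 -passout pass:constructed \
        -out "$1/enc.pem" 2>/dev/null
}

report() {  # $1 = label, remaining args = check to run
    label=$1; shift
    if "$@"; then echo "PASS  $label"; else echo "FAIL  $label"; fi
}

# Demo on constructed files in a scratch directory.
d=$(mktemp -d) && make_samples "$d" && {
    report "req.pem is a PKCS10 request"  is_pkcs10_request "$d/req.pem"
    report "key.pem is unencrypted"       key_is_unencrypted "$d/key.pem"
    report "enc.pem is unencrypted"       key_is_unencrypted "$d/enc.pem"
    report "cert.cer matches key.pem"     cert_matches_key "$d/cert.cer" "$d/key.pem"
    report "cert.cer matches other.pem"   cert_matches_key "$d/cert.cer" "$d/other.pem"
}
rm -rf "$d"
```

The enc.pem and other.pem lines are expected to report FAIL: they are the encrypted key and the mismatched key that the checks are meant to catch.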
