Been fighting an expired cert issue for the past few days. I am updating a Cisco ACE load balancer with an updated cert. However, every time I attempt to validate the cert it is not valid or does not match. Steps I have used:
- Log into web server with valid cert installed. Go to IIS Manager.
- Create Certificate request in server certificates. Edit correct information for company location etc. RSA and 2048 and save as a cert.csr
- Once *.csr is created, open in Notepad to get server request info.
- Go to: Microsoft web certsrv address to create AD cert.
- Request new cert.
- Advanced, and add the info copied from Notepad into the appropriate field.
- Click next and download the cert.cer
- Install the cert.cer into the cert store (personal)
- Open MMC on the same server and move the cert from personal to trusted root. (Shows the key and cert as valid.)
- Edit the newly created cert.cer file with OpenSSL:
      openssl x509 -inform der -in certs\cert.cer -out certs\certs.cer.pem
- Export the PFX from the trusted root store. Create cert.pfx placed in the same folder that cert.cer and cert.cer.pem are located.
- Get the certificate only and not the private key from a PFX file.
- Run the following command to export the private key:
      openssl pkcs12 -in certs\cert.pfx -nocerts -out certs\cert.key.pem -nodes
- Run the following command to remove the passphrase from the private key:
      openssl rsa -in certs\cert.key.pem -out certs\cert.server.key
- Just for fun I also do the following to allow for compatibility:
      // Convert without requiring a password for the private key and include the private key in the cert.
      openssl pkcs12 -in Certs\cert.pfx -out certs\certs_nokey.pem -nodes
Any help or suggestions would be deeply appreciated.
UPDATE: The CA is Microsoft Certificate Services. This would be a DHCP server giving out certs for the connecting servers. Affectionately (CertServ CA)

UPDATE: This actually worked with the Cisco load balancer as well as the servers under it. Thanks.
0 Answers
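A way to check for the "does not match" condition described in the question before uploading anything to the load balancer, as an added example that is not part of the original post: it compares the public key inside the certificate with the public key derived from the private key file. The function names and the sample file names are hypothetical, and the sample key and certificate are constructed throwaway data.

```shell
#!/bin/sh
# Print the public key (PEM) embedded in a certificate.
# Tries PEM first, then DER, since a .cer downloaded from a CA may be either.
cert_pubkey() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null ||
    openssl x509 -inform DER -in "$1" -noout -pubkey 2>/dev/null
}

# Print the public half of an unencrypted PEM private key.
# The empty -passin makes an encrypted key fail instead of prompting.
key_pubkey() {
    openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null
}

# Return 0 if the certificate was issued for this private key,
# 1 if the keys differ, 2 if either file could not be parsed.
cert_matches_key() {
    c=$(cert_pubkey "$1") || return 2
    k=$(key_pubkey "$2") || return 2
    [ -n "$c" ] && [ -n "$k" ] || return 2
    [ "$c" = "$k" ]
}

# Constructed sample data: a throwaway key, a self-signed cert for it in
# both PEM and DER form, and a second unrelated key. Prints the temp dir.
make_samples() {
    d=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/cert.server.key" \
        -out "$d/cert.pem" -subj "/CN=example.test" -days 1 2>/dev/null
    openssl x509 -in "$d/cert.pem" -outform DER -out "$d/cert.cer"
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
    echo "$d"
}

# Stand-alone use: ./check.sh <certificate> <private key>
if [ $# -eq 2 ]; then
    if cert_matches_key "$1" "$2"; then
        echo "certificate and key match"
    else
        echo "MISMATCH or unreadable file"
    fi
fi
```

A mismatch here usually means the certificate was issued for a CSR generated from a different key pair than the one exported in the PFX.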