Server 2003 IIS 6 – CSR Instructions for Renewals

To generate a Certificate Signing Request (CSR) for Server 2003 – IIS 6 you will need to create a key pair for your server the public key and private key. These two items are a digital certificate key pair and cannot be separated. On Windows type systems PFX/PKCS12 requests are made, and are stored on the system. The private key will remain hidden on the windows system where the CSR request is made. Note: All certificates issued by a Certificate Authority must be SHA2/SHA256 algorithm due to industry standards by governing entities. IIS 6 Server 2003, has been known to not understand this Algorithm.  Installing a SHA2 certificate on your outdated system may not work. You may have to contact Microsoft […]

Read More

Server 2003 IIS 6 – CSR/Install Instructions for Renewals without removing the existing certificate

Issue Condition: To generate a new CSR without removing the current certificate, a Temporary Dummy website can be created. This workaround will apply for Microsoft IIS 6 server 2003 that currently have certificates installed on their website, but a new CSR with a new key-bit length or different information in the Distinguished Name needs to be created. Creating a temporary website allows you to keep the current certificate active on the site while another certificate request is pending. After installing the certificate on the temporary web site, it can be applied to the production web site. On Windows type systems PFX/PKCS12 requests are made, and are stored on the system. The private key will remain hidden on the windows system and […]

Read More

Cisco Wireless LAN Controller – CSR Instructions

To generate a Certificate Signing Request (CSR) a key pair must be created for the server. These two items are a public key and a private key pair and cannot be separated. Cisco Wireless Lan Controller (WLC) is a very complex system with unconventional implementation of its keypairs for encryption. CSR creation and certificate installation may vary as your custom environment system may differ. Below are generalized instructions. The utility “openssl” is used to generate the key and CSR and used to perform conversions. This utility comes with the OpenSSL package and is usually installed under /usr/local/ssl/bin. If you have a custom installation, you will need to adjust these instructions appropriately. To generate a CSR on Cisco WLC perform the following. Step […]

Read More

Troubleshooting: “Cannot find the certificate request that is associated with this certificate file.”

In Windows IIS, and Exchange systems you may receive the following error message when attempting the installation of a digital certificate. “The pending certificate request for this response file was not found. This request may be canceled. You cannot install selected response certificate using this Wizard.” Or “Cannot Find the certificate request that is associated with this certificate file. A certificate request must be completed on the computer where the request was created.” This error message occurs due to one or a combination of the following: Its a glitch that can happen from time to time on IIS server 2008 series. The certificate file is formatted incorrectly or the wrong extension file is being used for the installation. The CSR for this certificate […]

Read More

IBM WebSphere – CSR Instructions

In order to enroll for a certificate you must generate a Certificate Signing Request (CSR) for your IBM WebSphere you must generate your CSR from the system you plan on running the certificate. Like all certificates you must first create a CSR public/private key pair. These two items are unique and cannot be separated. WebSphere uses keystores to store the public/private keypair, and from this keystore you will generate your CSR. The CSR you will give to the CA for signing and the private key will rest in the systems keystore. IBM WebSphere is a very complex system. These instructions are from a best effort to make keystore/CSR creation as simple as possible. You may have to refer to IBM support […]

Read More

What is a Certificate Signing Request (CSR)?

A Certificate Signing Request or CSR is a specially formatted underdeveloped public key that is used for enrollment of an SSL Certificate. The information on this CSR is important for a Certificate Authority (CA). It is needed to validate the information required to issue a SSL Certificate. The public key (CSR) is freely given away by the server system or administrator so that the respective party can perform encryption. When it comes to enrolling for a SSL/TLS server certificate from a CA there comes  standards set by the CA|B Forum and Various RFC’s from the IETF (Internet Engineering Task Force). Some of these standards include… Not accepting or issuing certificate with anything less than 2048 bits, No SHA1/MD5 Algorithm Certificates issued from CA’s […]

Read More

Aruba ClearPass – CSR Instructions

To generate a Certificate Signing Request (CSR), a key pair must be created for the server. These two items are a public/private key pair and cannot be separated. If the public/private key file or password is lost or changed before the SSL certificate is installed, the SSL certificate will need to be re-issued. The private key, CSR and certificate must all match in order for the installation to be successful. To create a new CSR for your Aruba ClearPass Policy Manager (CPPM) perform the steps below: Step 1: Generating your CSR & Privatekey: Open your Aruba ClearPass CPPM. Navigate to Administration > Certificate > Server Certificate. Click Create Certificate Signing Request. In the Create Certificate Signing Request pop-up window specify the […]

Read More

Barracuda SSL VPN – CSR Instructions

To generate a Certificate Signing Request (CSR) for Barracuda SSL VPN you will need to create a key pair for your server the public key and private key. These two items are a digital certificate key pair and cannot be separated. The CSR public key you will give to a Certificate Authority (CA) for signing and the private key will remain hidden on the Barracuda SSL VPN system where the CSR request is made. With Barracuda SSL VPN you will first create your own keypair, and then extract your CSR from it in order to give your your Certificate Authority (CA) for enrollment of a SSL certificate. To generate a CSR for Barracuda SSL VPN perform the following. Step 1: Generating […]

Read More

Kemp 6.x – CSR Instructions

In order to enroll for a certificate you must generate a Certificate Signing Request (CSR) for your Kemp system you must generate your CSR from the system you plan on running the certificate. Like all certificates you must first create a CSR public/private key pair. These two items are unique and cannot be separated. The CSR you will give to the CA for signing and the private key will rest left on the system where the CSR was generated.  To generate a CSR on a Kemp system perform the following. Step 1: Generating your CSR keypair: Log into your Kemp LoadMaster WUI. In the main menu of the LoadMaster WUI, select Certificates > SSL Certificates. Specify a name for you private key […]

Read More

Portecle: Advanced Keystore Creation and Manipulation Tool

Portecle is a user friendly GUI application for creating, managing and examining keystores, keys, certificates, certificate requests, certificate revocation lists and more. The scenario for using such a tool is if a server system lacks the capability of generating a CSR keypair on its own. Another Senario would be if large networks of multiple server types, data centers and such are faced with a CSR keypair on one system environment and the tireless key store conversions that are required to import a keypair into a different server environment, which can be very time consuming and frustrating. Portecle eliminates the need for a server to create a CSR keypair. It acts as keypair CSR generator where you can generate a single […]

Read More