Jump to content

Sign a certificate from a sperate application with my PKI solution

Guest Gunna

By Guest Gunna
in Techno Babble

 Share

Recommended Posts

Guest Gunna

Guest Gunna

Posted
Posted

Can anyone help me with a question. I have a fully implemented and running

Microsoft 2003 Cetificate services solution. As you may know alot of vendors

release there solution as a hardwware based applaince with a Web UI. Most of

them use there own Self Signed certificate. I have one that will allow me to

export and import the certificate. If I export the certificate how do i sign

it with my PKI so my browser will accept the certificate.

 

Yes I could just generate one and improt it but I wuld like to know how to

do both.

 

Thanks.

  • Replies 3
  • Created
  • Last Reply

Popular Days

Popular Days

Guest S. Pidgorny

Guest S. Pidgorny

Posted
Posted

Not enough information to answer the question really. Some systems allow

you to generate certificate request for offline submission, others - to

import PKCS #12 file. Most of "appliances" I'm aware of are starndard

Linux or BSD systems running OpenSSL tools and not deviating much from

popular distros (so you'll run openssl req ... to generate cerificate

request); some are Windows-based. Options to install certificates are

there, but the vendor's support might be a different matter.

 

--

Svyatoslav Pidgorny, MCSE, RHCE

-= F1 is the key =-

 

http://sl.mvps.org http://msmvps.com/blogs/sp

 

Gunna wrote:<span style="color:blue">

> Can anyone help me with a question. I have a fully implemented and running

> Microsoft 2003 Cetificate services solution. As you may know alot of vendors

> release there solution as a hardwware based applaince with a Web UI. Most of

> them use there own Self Signed certificate. I have one that will allow me to

> export and import the certificate. If I export the certificate how do i sign

> it with my PKI so my browser will accept the certificate.

>

> Yes I could just generate one and improt it but I wuld like to know how to

> do both.

>

> Thanks.</span>

Guest Paul Adare - MVP

Guest Paul Adare - MVP

Posted
Posted

On Thu, 9 Oct 2008 19:52:09 -0700, Gunna wrote:

<span style="color:blue">

> Can anyone help me with a question. I have a fully implemented and running

> Microsoft 2003 Cetificate services solution. As you may know alot of vendors

> release there solution as a hardwware based applaince with a Web UI. Most of

> them use there own Self Signed certificate. I have one that will allow me to

> export and import the certificate. If I export the certificate how do i sign

> it with my PKI so my browser will accept the certificate.</span>

 

You can't take an existing certificate and have it signed again.

 

--

Paul Adare

MVP - Identity Lifecycle Manager

http://www.identit.ca

Guest Alun Jones

Guest Alun Jones

Posted
Posted

"Gunna" <Gunna@discussions.microsoft.com> wrote in message

news:AAE424AA-C135-44A9-90FF-F5580E2052B4@microsoft.com...<span style="color:blue">

> Can anyone help me with a question. I have a fully implemented and

> running

> Microsoft 2003 Cetificate services solution. As you may know alot of

> vendors

> release there solution as a hardwware based applaince with a Web UI. Most

> of

> them use there own Self Signed certificate. I have one that will allow me

> to

> export and import the certificate. If I export the certificate how do i

> sign

> it with my PKI so my browser will accept the certificate.

>

> Yes I could just generate one and improt it but I wuld like to know how to

> do both.</span>

 

Think of your request as being akin to this:

 

I can embed my name and your logo in a block of plastic. I can also ask you

to embed your name and my logo in a block of plastic. How can I take a

block of plastic into which you've embedded your name and logo, and then

embed my own name in there as well?

 

The answer is that to do that, you have to melt the plastic block to extract

the logo, and then build your own plastic block to embed the logo and name.

 

Similarly, the process of creating a certificate is that of signing a

Certificate Signing Request (CSR). Note that you are not signing a

Certificate, because a Certificate is already signed. You will have to

either create a new CSR, and then sign it to create a certificate, or find a

way to get the other app to generate a CSR for you to sign.

 

Alun.

~~~~

--

Texas Imperial Software | Web: http://www.wftpd.com/

23921 57th Ave SE | Blog: http://msmvps.com/alunj/

Woodinville WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.

Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...