This post will show you how to find out which server is responsible for issuing certificates in your domain and get some additional information related to local certification authority.
To do it open command line on Windows computer and type:
certutil.exe -TCAinfo
Press “Enter” and you are done !
This post will show you how to renew certificate in Windows Vista OS. To renew certificate:
Press Start > Run, type certmgr.msc and click OK
Select certificate you want to renew
On menu click Actions > All Tasks
Select:
* Renew certificate with New Key
or
* Advanced Operations > Renew this certificate with the same key
Follow wizard to complete renew process
One of my many tasks is to generate CSR requests to third party well known certification authorities. To do that i am using free tool that is supported by Windows server 2003 and Windows Xp - “OpenSSL”.
You can download this tool and VisualC++ 2008 Redistributables needed for OpenSSL to work from here
After tool install we are ready to proceed with CSR generation.
1. Generate a private key protected by password
Open command line, navigate to OpenSSL install directory bin folder (usually it is C:\OpenSSL\bin) and type:
openssl genrsa -des3 -out Prvkey.key 1024
2. Generate CSR file
openssl req -new -key Prvkey.key -out Mycsr.csr
After you`ll press enter you will be asked to supply following information:
Country Name (2 letter code) [AU]: Two letter ISO abbreviation for your country.
State or Province Name (full name) [Some-State]: The state or province where your organization is located.
Locality Name (eg, city) []: The city where your organization is located.
Organization Name (eg, company) [Internet Widgits Pty Ltd]: Legal name of your organization.
Organizational Unit Name (eg, section) []: Optional additional organization information, such as department
Common Name (eg, YOUR name) []: domain name you are issuing certificate for, ex. mail.mydomain.com
Email Address []: your organization contact email, ex. info@mydomain.com
Additional info:
A challenge password []: press Enter
An optional company name []: press Enter
CSR file was created.
You can check Mycsr.csr contents with Notepad or Wordpad it must look like this:
—–BEGIN CERTIFICATE REQUEST—–
MIIBzTCCATYCAQAwgYwxCzAJBgNVBAYTAkxUMRAwDgYDVQQIEwd2aWxuaXVzMRAw
DgYDVQQHEwd2aWxuaXVzMRMwEQYDVQQKEwpVQUIgSG9zdGV4MQswCQYDVQQLEwJJ
VDEaMBgGA1UEAxMRbWFpbC5teWRvbWFpbi5jb20xGzAZBgkqhkiG9w0BCQEWDGlu
Zm9AaW5mby5sdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAoX5ZsNf63Bq9
7OZpUPcix0auCBs8VzcV4o+5cWIGjuosLhfWLZKGHdTfctUzU8CTjbU501X54Od+
kcPjMrRKhQmeGoZ2aeBoU+O619CW8zrIs79SGt6AHObM2JjAvygHnE5jpH7atO/8
/LpapjZQnKmU8YkM6PVVKQ++iMi5o4MCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GB
AAqqWMa4dY34e+t5lqf0Xfpwx20q+Q/YSOiIB7dWQ2vXreaAEsFGk3kQmiS01uWd
r2xIw2XenIOzPI1IKfkytbYyS+CdOymkFJ5ZBVDpyfAECNaamn9Q43SlJ87kYTrq
wx6bw6LEAqY85xTQLrJ57SRw217F35Td24CFiKgMAukd
—–END CERTIFICATE REQUEST—–
Ok, now you are ready to send CSR file to third party Certification Authority and request your certificate.