Certificate Help....

Days like these make me wish I had went the MCSE/MCITP route (I guess there is still time) but anyway here is my problem:

Windows Server 2k3
IIS 6

I am (attempting) to roll out a product that requires a public pfx certificate. I have an ssl certificate (in p7s format) but I am sort of a a loss on what to do. In order to generate the pfx file, I followed steps similar to those shown here: How to install a server certificate after a pending request has been deleted in IIS 5.0 and I do actually have a pfx file but when I try to use it, it says that there is no certificate chain on the certificate. I know the error is stating that because the certificate I made was self assigned but I am unsure how to get a "public" pfx certificate that satisfies what the installer needs. Can anyone help me out?

BTW I do have a public ssl cert (in p7s format) and I also have the same cert in crt format. When I import the certs in the cert store (and place them in "personal") I do not get the ability to export them in pfx format. Do I need to different cert? Am I placing them in the wrong place?

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

Bl8ckr0uter

I am wondering if I got the wrong cert. Does anyone know the difference between ps7 and pfx certs?

RobertKaucher

X.509 - Wikipedia, the free encyclopedia

Don't know if their explanation of the file types helps you, but it's there.

Bl8ckr0uter

RobertKaucher wrote: »

X.509 - Wikipedia, the free encyclopedia

Don't know if their explanation of the file types helps you, but it's there.

It does help to know that these are different. I have an idea of what the issue could be. I might need to create the site, assign it to the site and then export it using IIS since it said PFX is IIS generated. Hmm...

I brought your 291 book to work but other things have come up and I haven't been able to test my theory (yet).

Man I should have done MCSA....

On another note, are the 290, 291 and 680 "light" enough to squeeze in as backgroud noise to my other goals?

willhi1979

You can use IIS for web enrollment for certificates, but I'm not sure if that's what they mean. Most of the stuff I've been studying on certificates uses PKCS.

Bl8ckr0uter

willhi1979 wrote: »

You can use IIS for web enrollment for certificates, but I'm not sure if that's what they mean. Most of the stuff I've been studying on certificates uses PKCS.

I figured it out yesterday. Basically I had to do the following:

Redo my CSR on the site in IIS and reissue my SSL cert
Then process the request and assigning it to the site I created
Then I went into the certificate store and exported the site (with private keys and key chain) in pfx format.

It worked like a champ. I am going to do a blog post about it this weekend.

Psoasman

Bl8ckr0uter wrote: »

Man I should have done MCSA....

On another note, are the 290, 291 and 680 "light" enough to squeeze in as backgroud noise to my other goals?

It depends on how much is on your plate. The 290 is fairly easy. the 291 is probably the hardest, but with your knowledge, you should be fine.

Bl8ckr0uter

Psoasman wrote: »

It depends on how much is on your plate. The 290 is fairly easy. the 291 is probably the hardest, but with your knowledge, you should be fine.

Well now I am going to try to knock out WCNA. SSCP, CEH and LPIC-1 by may. Fun times. I am still going to study windows and I might do the MCTS AD 2k8 but that might be pushing it.

RobertKaucher

Only thing I would add is you do not get implementations specific questions like this in the MCSA or MCSE exams.

This is the sort of thing you learn because you have to do it a few times. Not in even labbing for exams, where even if you did something like this you would likely forget it quickly. I have done things like this with IIS a few times, but I would still have to look the process up as my memory capacity is very valuable and things I do once or twice every 4 to 5 years will just lose in the Darwinian struggle for memory retention.

Bl8ckr0uter

RobertKaucher wrote: »

Only thing I would add is you do not get implementations specific questions like this in the MCSA or MCSE exams.

This is the sort of thing you learn because you have to do it a few times. Not in even labbing for exams, where even if you did something like this you would likely forget it quickly. I have done things like this with IIS a few times, but I would still have to look the process up as my memory capacity is very valuable and things I do once or twice every 4 to 5 years will just lose in the Darwinian struggle for memory retention.

So what you are saying is that if I do the MCSA for this purpose, it may be for naught?

RobertKaucher

I don't think the MCSA is going to develop any skills in managing IIS at all except for the most basic things like managing IIS permissions and such.

Devilsbane

RobertKaucher wrote: »

I don't think the MCSA is going to develop any skills in managing IIS at all except for the most basic things like managing IIS permissions and such.

291 is really the only one that touches IIS and it is all pretty basic.

vCole

Bl8ckr0uter wrote: »

So what you are saying is that if I do the MCSA for this purpose, it may be for naught?

291 barely touches on IIS. Better to just read up on it to learn it.

RobertKaucher

Amazon.com: CYA Securing IIS 6.0 (0792502362563): Chris Peiris, Bernard Cheah, Ken Schaefer: Books Might be time better spent....

Bl8ckr0uter

Thanks.

Now I just need to figure out if MCSA is worth it or not. 290, 291, and 680 would match our network. It is a cert on an old platform though and I have read the threads about how MCSA/E is dead lol. I wonder if I could do all three test in 1 month? Like all in June. Hmm....