Microsoft Certificate Authority Multiple Requests for same private key - revert or revoke
I have installed a Microsoft Certificate Authority and Requested CA Certificate - which created a file on the disk. After a couple of weeks I finally worked out who to ask internally within the company - so today I received the signed file back.
On my Certificate Authority I logged on and accidentally clicked "Request CA Certificate..."
I clicked cancel twice and yet a new request file was created.
(I've repeated this and confirmed that clicking cancel does not cancel the request generation. I did it after attempting to install the certificate properly as per the next sentence.)
I then clicked "Install CA Certificate..." selected the signed certificate file I was sent and got the following message
So, my questions are - Have I missed something and did I miss some step/take too long or are my steps causing the message for some other reason than the extra request generated.
If this error message is due to the new request is there someway to reset the state of the server so it is using the original request? I do have the original request file but not much else. I did not take a backup before attempting to install the certificate. I am allowed to restore to a backup made 24hours ago so i am restoring this - whilst keeping the current image intact.
If I have no way back and so need to generate a new request and get it signed - it seems to me the private key is the same so if I generate a new request should I not revoke the granted "Request"?
I have done all these steps (expect the mistake ) previously but instead "sending" my request file to my own offline root CA. this was prior to attempting to integrate it within the companies PKI so I believe I am performing all the correct steps. The main difference was the length of time it took from Request generation to attempt to install CA Certificate.
windows-server-2008-r2 certificate-signing-request
add a comment |
I have installed a Microsoft Certificate Authority and Requested CA Certificate - which created a file on the disk. After a couple of weeks I finally worked out who to ask internally within the company - so today I received the signed file back.
On my Certificate Authority I logged on and accidentally clicked "Request CA Certificate..."
I clicked cancel twice and yet a new request file was created.
(I've repeated this and confirmed that clicking cancel does not cancel the request generation. I did it after attempting to install the certificate properly as per the next sentence.)
I then clicked "Install CA Certificate..." selected the signed certificate file I was sent and got the following message
So, my questions are - Have I missed something and did I miss some step/take too long or are my steps causing the message for some other reason than the extra request generated.
If this error message is due to the new request is there someway to reset the state of the server so it is using the original request? I do have the original request file but not much else. I did not take a backup before attempting to install the certificate. I am allowed to restore to a backup made 24hours ago so i am restoring this - whilst keeping the current image intact.
If I have no way back and so need to generate a new request and get it signed - it seems to me the private key is the same so if I generate a new request should I not revoke the granted "Request"?
I have done all these steps (expect the mistake ) previously but instead "sending" my request file to my own offline root CA. this was prior to attempting to integrate it within the companies PKI so I believe I am performing all the correct steps. The main difference was the length of time it took from Request generation to attempt to install CA Certificate.
windows-server-2008-r2 certificate-signing-request
add a comment |
I have installed a Microsoft Certificate Authority and Requested CA Certificate - which created a file on the disk. After a couple of weeks I finally worked out who to ask internally within the company - so today I received the signed file back.
On my Certificate Authority I logged on and accidentally clicked "Request CA Certificate..."
I clicked cancel twice and yet a new request file was created.
(I've repeated this and confirmed that clicking cancel does not cancel the request generation. I did it after attempting to install the certificate properly as per the next sentence.)
I then clicked "Install CA Certificate..." selected the signed certificate file I was sent and got the following message
So, my questions are - Have I missed something and did I miss some step/take too long or are my steps causing the message for some other reason than the extra request generated.
If this error message is due to the new request is there someway to reset the state of the server so it is using the original request? I do have the original request file but not much else. I did not take a backup before attempting to install the certificate. I am allowed to restore to a backup made 24hours ago so i am restoring this - whilst keeping the current image intact.
If I have no way back and so need to generate a new request and get it signed - it seems to me the private key is the same so if I generate a new request should I not revoke the granted "Request"?
I have done all these steps (expect the mistake ) previously but instead "sending" my request file to my own offline root CA. this was prior to attempting to integrate it within the companies PKI so I believe I am performing all the correct steps. The main difference was the length of time it took from Request generation to attempt to install CA Certificate.
windows-server-2008-r2 certificate-signing-request
I have installed a Microsoft Certificate Authority and Requested CA Certificate - which created a file on the disk. After a couple of weeks I finally worked out who to ask internally within the company - so today I received the signed file back.
On my Certificate Authority I logged on and accidentally clicked "Request CA Certificate..."
I clicked cancel twice and yet a new request file was created.
(I've repeated this and confirmed that clicking cancel does not cancel the request generation. I did it after attempting to install the certificate properly as per the next sentence.)
I then clicked "Install CA Certificate..." selected the signed certificate file I was sent and got the following message
So, my questions are - Have I missed something and did I miss some step/take too long or are my steps causing the message for some other reason than the extra request generated.
If this error message is due to the new request is there someway to reset the state of the server so it is using the original request? I do have the original request file but not much else. I did not take a backup before attempting to install the certificate. I am allowed to restore to a backup made 24hours ago so i am restoring this - whilst keeping the current image intact.
If I have no way back and so need to generate a new request and get it signed - it seems to me the private key is the same so if I generate a new request should I not revoke the granted "Request"?
I have done all these steps (expect the mistake ) previously but instead "sending" my request file to my own offline root CA. this was prior to attempting to integrate it within the companies PKI so I believe I am performing all the correct steps. The main difference was the length of time it took from Request generation to attempt to install CA Certificate.
windows-server-2008-r2 certificate-signing-request
windows-server-2008-r2 certificate-signing-request
edited Feb 14 at 3:48
Ross
asked Feb 14 at 3:39
RossRoss
962719
962719
add a comment |
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1405526%2fmicrosoft-certificate-authority-multiple-requests-for-same-private-key-revert%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1405526%2fmicrosoft-certificate-authority-multiple-requests-for-same-private-key-revert%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown