Is it possible to apply a SSL Certificate without CSR

In the past, I used to generate a CSR file on my server. This CSR was sent to the registrar. Then, the registrar gave me a certificate.

Today, my registrar gave me a certificate (.cer file) and I did not send a CSR file to him.

This indicates that registrar (CA) signed again your public key. CSR is literally a public key that CA signs and creates certificate. You can open existing and new certificate and compare public keys. If they match, you can replace existing certificate with new certificate.

If public key is the same in both certificates, then:

  1. open Certificates MMC focused on Local Machine context (certlm.msc)
  2. import received .cer file without private key
  3. run certutil -repairstore my <SerialNumber> command, where <SerialNumber> is the serial number of new certificate.

Example:

certutil -repairstore my "0102030405060708090a0b0c0d0e0f"

where 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f is serial number in hex octets. Certutil will associate existing private key with new certificate. Verify that key is successfully associated with new certificate:

certutil -store my "0102030405060708090a0b0c0d0e0f"

As the result you will get two public certificates that share the same key pair. Then you can use IIS manager to assign new certificate to web sites.
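
The key comparison and the import/repair steps from the answer above, as an added PowerShell example that is not part of the original answer. The `-NewCerPath` and `-Apply` parameters are assumptions of this example; run it from an elevated session.

```powershell
# Added example (not from the original answer). Run in an elevated PowerShell session.
# $NewCerPath is an assumed parameter: the .cer file received from the CA.
param(
    [Parameter(Mandatory)] [string] $NewCerPath,
    [switch] $Apply   # assumed switch: without it the script only reports
)

$path = (Resolve-Path -LiteralPath $NewCerPath).Path
$new  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($path)

# Certificates already in the machine store that carry the same public key
# (algorithm, parameters and key bytes) and still have their private key.
$sameKey = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.Thumbprint -ne $new.Thumbprint -and
    $_.HasPrivateKey -and
    $_.GetKeyAlgorithm() -eq $new.GetKeyAlgorithm() -and
    $_.GetKeyAlgorithmParametersString() -eq $new.GetKeyAlgorithmParametersString() -and
    $_.GetPublicKeyString() -eq $new.GetPublicKeyString()
}

if (-not $sameKey) {
    # The precondition from the answer (same public key, key present locally) is not met.
    Write-Warning "No certificate with a private key in LocalMachine\My shares the public key in $path."
    return
}

$sameKey | Format-Table Subject, SerialNumber, NotAfter -AutoSize
$serial = $new.SerialNumber   # hex string, the form certutil expects
Write-Output "New certificate serial number: $serial"

if ($Apply) {
    # Step 2: import the public certificate; step 3: re-associate the existing key.
    Import-Certificate -FilePath $path -CertStoreLocation Cert:\LocalMachine\My | Out-Null
    certutil -repairstore my $serial

    # Verify the association on the certificate as it now sits in the store.
    $installed = Get-Item "Cert:\LocalMachine\My\$($new.Thumbprint)"
    if ($installed.HasPrivateKey) {
        Write-Output "Private key is now associated with the new certificate."
    } else {
        Write-Warning "Certificate imported but no private key is associated; check the certutil output."
    }
}
```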

Author: Bob5421

Updated on September 18, 2022

Comments

  • Bob5421
    Bob5421 over 1 year

    In the past, I used to generate a CSR file on my server. This CSR was sent to the registrar. Then, the registrar gave me a certificate.

    Today, my registrar gave me a certificate (.cer file) and I did not send a CSR file to him.

    My question is: Is this CSR file really needed? Or is there a way to set up an SSL certificate without having generated a CSR before? I was thinking CSR contains public key.

    For information, this is for setting up https on IIS.

    Thanks

    • wurtel
      wurtel about 5 years
      The CSR is the way of obtaining a certificate without having to provide the issuer with the private key. If you didn't first send a CSR, then the issuer will also have to give you the private key.
    • Patrick Mevzek
      Patrick Mevzek about 5 years
      Is this a new certificate or a renewal of an existing one? Also some CAs or resellers can generate the private key in your web browser, it will never go out of it, and hence create a CSR under the hood without you having to create it specifically, you will just need to input the data that is normally inside, like hostnames for DV-certificates, etc.
  • Bob5421
    Bob5421 about 5 years
    Thanks, what should I do if CA gives me CSR, Private key and CRT file?
  • Crypt32
    Crypt32 about 5 years
    CA will never give you private key, because it is private and is held by a client only.
  • Bob5421
    Bob5421 about 5 years
    In fact CA is generating for me a csr and a private key. This is not the private key of the CA
  • Crypt32
    Crypt32 about 5 years
    In fact CA is generating for me a csr and a private key. -- if they did, I would recommend to change CA. It is not their responsibility to create keys on your behalf. Keys are generated only by client and only client has knowledge of private key.