Where is the private key after using certreq for CSR generation on Windows 10?
It's stored in the Windows certificate store. When you import the signed certificate, you will find you have a corresponding private key. It matches them by modulus, if I recall.
You can get a list of the private keys you have as a result of certificate enrollment requests (such as you made with certreq) by running certmgr.msc for the computer account (or simply certlm.msc for Windows 2012R1 or Windows 8 onwards).
The keys are in the Certificate Enrollment Requests folder.
The easiest thing to do if you need to use the certificate without using the API is to import the certificate, export it, and use openssl to transform the resulting PKCS5 into a PEM certificate and key.
You can also use openssl to generate keys and certificate requests, and if you plan to use them in PEM format on the filesystem rather than using the Windows API, you might as well do that.
Related videos on Youtube
11 : 04
07 : 03
06 : 13
04 : 21
00 : 57
02 : 45
08 : 57
Comments
-
Chong Lip Phang over 1 year
I tried to follow the website below for instructions on how to generate the CSR for my web server:
http://www.entrust.net/knowledge-base/technote.cfm?tn=8649However, it only generates the CSR. Where is the private key? I was told that the key is generated at the time of CSR generation.
I am using Windows 10. I plan to use node.js Express. Are there alternative tools we can use to generate CSR on Windows 10?
-
Ryan Ries over 8 yearsIt's complicated. serverfault.com/questions/642253/…
-
-
Chong Lip Phang over 8 yearsIt seems that the store is not a directory. I was under the impression that the key is a file I can refer to in my script.
-
Falcon Momot over 8 yearsIndeed, it is not a directory. You have to export it if you want a file.
-
F.I.V over 6 yearsfor "Certificate Enrollment Requests", choose "computer account" while loading certmgr.msc via MMC
