Management certificates - Sharing on different Machines

Question

I am automating the service management operations on Azure...

I created the certificate using certmgr

makecert -sky exchange -r -n "CN=<CertificateName>" -pe -a sha1 -len 2048 -ss My "<CertificateName>.cer"

After I uploaded certificate  to the azure portal and installed the certificate to Personal Store... Things worked from that Machine...

After that I copied the certificate to another machine and installed the certificate in the same way as done on first machine but while doing the management operation I got the 403 Exception(Authentication error)...  Cant i use the same certificate from the multiple machines???

Regards,

Anshul

Answer 1

What you would need to do is export the certificate with it's private key. Try the following steps:

1. From the certificate store on your computer, export the certificate and choose to include private key while exporting. This would create a .pfx file on your computer. Remember the password for this file.

2. Copy this .pfx file on the 2nd computer and then install the certificate in certificate store there.

3. When creating an instance of X509 certificate object in your code, make use of the certificate store and thumbprint.

Hope this helps.

Thanks

Gaurav

Answer 2

Thanks Gaurav,

But the certificate generated through following doesn't give me the option to export with private key(i.e. in pfx format)

I have created the certificate in the following way....

makecert -sky exchange -r -n "CN=<CertificateName>" -pe -a sha1 -len 2048 -ss My "<CertificateName>.cer"

Do i need to generate the certificate in some different way so that it has private key with it ....

Also if so can you tell me the way to it????

Answer 3

You would first need to install the certificate in your local certificate store on the computer where you created it. To do so, right click on the cer file and then select "Install Certificate". Once the certificate is installed in the store, you can then export it using certmgr.msc utility.

Hope this helps.

Thanks

Gaurav

Answer 4

Thanks Gaurav,

But as I said that certmgr.msc doesn't give me any option to export as pfx....

Below is the first screen and if i Click next on this screen... Screen2 Looks like below Screen1

  SCREEN 1

Screen 2 :

This screen comes after immediately clicking the next on first screen and it doesn't allow the export in pfx format...While i Have seen in some other certificates allow that and before the second screen they ask whether you want to export the private key... I suspect that is the issue...

It seems that this certificate does not have the Private key...

I think I need to generate the certificate with private key ...

Answer 5

Hi Rohit,

Is the certificate you're trying to export was created on the same machine from where you're running certmgr.msc? Here's what I did:

1. Using your makecert command, I created a certificate (.cer file) and then imported it in the certificate store. When I try to export that certificate, I get the option of exporting it in pfx format.

2. Next I asked my colleague to do the same on his computer. He created the certificate file and I imported that file in certificate store on my computer. Now when I try to export that certificate, I don't get the option of exporting it in pfx format.

Also note that in your screenshots, the "lastcert" certficate (the 1st one in the screenshot above) does not have the "key" in the icon where as "mycert" certificate (2nd one) does have that key. Try exporting "mycert" and see if you get the option of exporting with private key.

Hope this helps.

Thanks

Gaurav

Answer 6

Hi Gaurav,

Yes this is the same machine from which the certificate is created...

1. Using your makecert command, I created a certificate (.cer file) and then imported it in the certificate store. When I try to export that certificate, I get the option of exporting it in pfx format.

This is where the problem is that in the second half of the first step I am not getting the option for pfx....

I Created the certificate using the following command ... Are you using the same?

makecert -sky exchange -r -n "CN=<CertificateName>" -pe -a sha1 -len 2048 -ss My "<CertificateName>.cer"

I think this is the difference how the certificate is created...

Please Share if you are creating the certificates differently...

Answer 7

Hi Anshul,

I am not sure about what could be the issue. But, when I tried the steps mentioned by you including the command to generate the .cer file, I am able to generate PFX file successfully. I am getting the "export private key" option.

Please ensure if you have admin rights on the machine that you are working on.

---

If you found this post useful, Please "Mark as Answer" or "Vote as Helpful". Thanks! Vaibhav Gujral.

Answer 8

Hi Anshul,

You can also try out the steps mentioned at: http://www.globalsign.com/support/faq/iis/04.php 

I hope it helps!!

---

If you found this post useful, Please "Mark as Answer" or "Vote as Helpful". Thanks! Vaibhav Gujral.

Answer 9

Thanks Gaurav and Vaibhav...