KB 1008: How to Generate .pfx Certificate Using Certification Authority(CA)

This article explain how can we generate .pfx format of the certificate using Certificate Authority.

Creating Certificate Template

We would need certificate with private key exportable. To create template in CA please follow the steps below:

1. Connect to CA server.
   
2. Open Server Manager > Tools > Certification Authority.
   
3. Right click on Certificate Template and then click on Manage. 
   
4. Scroll down till the point where you are able to see Web Server certificate template. Right click and select Duplicate Template. 
   
5. Click on General tab and name this for example SVM Appliance Cert.
   
6. Click on Request Handing and make sure you select Allow private key to be exported.
   
7. Click on Cryptography  and change Minimum key size to 2048. 
   
8. Click on Security tab and add server from where you would be generating request, then click on that server and make sure Enroll is check. 
   
9. Click OK and close the Certificate Templates Console.
   
10. Right click on Certificate Template and click on New > Certificate Template to Issue.
    
11. Choose the certificate template you just created and click OK.
    

Creating Certificate 

Once this the above is done you are good to generate the certificate.

1. Login to the server which you have added in security tab of the certificate.
   
2. Press Windows + R from the keyboard to open Run window.
   
3. Type mmc and click OK.
   
4. Click File > Add/Remove Snap-in..
   
5. Click on Certificates and then click on Add. Select Computer account and click Next followed by Finish at next window of Select Computer. 
   
6. Click OK  on Add or Remove Snap-ins window.
   
7. Explore Certificates > Personal > Certificates.
   
8. Click on More Actions > All Tasks > Request New Certificate...
   
9. At Certificate Enrollment window click Next followed by another Next.
   
10. At Certificate Enrollment :: Request Certificates,select the created template and click on More information is required to enroll for this certificate...
    

            

      

      11. Drop down the Type window and select  Common name. Type in value (Should be FQDN of your SVM Server) and click on  Add.

         

The value should go to the right pane.                                                                                                                                                      

            

      12. Same way you would need to add  Country, Email, Organization, Organization unit, Locality. Once done, click on  OK. You would notice              the  More information is required to enroll for this certificate... would disappear.

            

            

      13. Click on  Enroll followed by  Finish.

Exporting .pfx File 

1. In Certificate > Personal your new certificate is created.
   
2. Right click on that certificate go to All Tasks > Export.
   
3. Click on Next on Certificate Export Wizard window.
   
4. Click on Yes, export the private key and click Next followed by Next without changing any value at next window.
   
5.  Check Password and type in the password for this certificate (You would need this later whenever you need to use this private key) and click Next.
   
6. Browse the location where you want to save the file, type in File name and click Save.
   

If you would like to import public key(.CER) format certificate, choose No, do not export private key and step 4.                                  

Author:  Fawad Laiq

• Related Articles

• KB 1009: Smart Groups are no longer compiling on the server

  Smart Groups are no longer compiling on the server Summary For Corporate Software Inspector On-Premises Edition, Smart Groups have stopped compiling Symptoms Smart Groups are stuck and not compiling. This may also show as scan results not being ...

• KB 1007: WorkAround For Web Jump Does Not Allow Copy Paste

  Use RDP to Access a Remote Windows Endpoint Use BeyondTrust to start a Remote Desktop Protocol (RDP) session with a remote Windows system. Because remote desktop protocol sessions are proxied through a Jumpoint and converted to BeyondTrust sessions, ...

• KB 1010: Package publishing failed Code -2146233079 Error 2148081670

  SummaryThe above error occurs while publishing package due to WSUS certificate missing Private key. SymptomsFailed to publish package Code -2146233079 Failed to sign in package, error was 2148081670 CauseThis error occurs when Private key is missing ...

• KB 1013: Moving WSUS Updates with WsusUtil.exe

  Moving WSUS Updates with WsusUtil.exe Summary If the WSUS Updates folder needs to be moved it is important to use the WsusUtil.exe tool to avoid issues. Symptoms When the Updates folder is moved without using the WsusUtil.exe tool you will experience ...

• KB 1011: Software Vulnerability Management 2018 AKA CSI fail to sign the package with error code 2147942593

  SummaryThis article will help the customer to resolve the fail to sign the package issue. SymptomsThis error usually appears when there is no signing certificate available on WSUS server certificate stores. Resolution Login to your WSUS server Run ...