We are excited to announce that the IIS.NET Forums are moving to the new Microsoft Q&A experience. Learn more >

how to manage / generate pfx files when using centralized certificate managementRSS

2 replies

Last post Feb 24, 2021 08:44 PM by lextm

  • how to manage / generate pfx files when using centralized certificate management

    Feb 23, 2021 06:39 PM|krustyfied|LINK

    So i've been playing around with IIS Centralized certificate management by creating some test certificates using powershell.

    Powershell commandlets (Export-pfxcertifcate) usually create a certificate and it's corresponding private key and store it directly to the certificate store. And then you export it as pfx and store it at the central location. And then the certificate "needs" to be deleted from the store.

    But this process seems counterproductive to how centralized certificate management is supposed to work so I'm wondering - how is one supposed to (in an automated fashion)

    1. 1. generate a key-pair
    2. 2. generate a csr
    3. 3. get the signed cer from CA
    4. 4. export everything to the file share where IIS centralized certificate management looks up

    without involving third party tooling and not relying on certificates being stored in the certificate store.

  • Re: how to manage / generate pfx files when using centralized certificate management

    Feb 24, 2021 09:35 AM|samwu|LINK

    Hi krustyfied,

    krustyfied

    how is one supposed to (in an automated fashion)

    It seems impossible in an automated fashion, have you tried any?

    Best regards,

    Sam

    IIS.NET forums are moving to a new home on Microsoft Q&A, we encourage you to go to Microsoft Q&A for .NET for posting new questions and get involved today. Learn more >
  • Re: how to manage / generate pfx files when using centralized certificate management

    Feb 24, 2021 08:44 PM|lextm|LINK

    krustyfied

    without involving third party tooling

    A corporation that might rely on CCS feature is probably already on a third party solution or home made system, so your assumption is not really valid.

    Lex Li
    Want to have a chat on the issues you meet? Book an appointment at https://buy.stripe.com/cN24ia0yi7sAdIA7sv
    ---------------------------
    This posting is provided "AS IS" with no warranties, and confers no rights.