How to renew the certificate issued by a standalone CA server
Arunkumar
Hi Everyone,
I have configured a standalone CA and issued ssl certificates
to end users who are Anonymous users All are made to requested through web
page Enrollment then we created the certificate and sent them through mail
along with private key. Now i need to renew
the issued certificates validity.(all the certificates have few more months
validity time left out).
I followed the following renewal process from Tech net.
Steps I followed:
1) Open Internet Explorer
2) In Address, type http://servername/certsrv, where servername is the name
of the Windows 2000 Web server where the certification authority (CA) you
want to access is located
3) Click Request a certificate, and then click advanced certificate request
4) Click Submit a certificate request using a base64-encoded CMC or PKCS #10
file, or submit a renewal request by using a base-64-encoded PKCS #7 file
5) Do one of the following:
Open Notepad. On the File menu, click Open. Select the PKCS #10 or PKCS #7
file and click Open. On the Edit menu, click Select all, and then, on the
Edit menu, click Copy. On the Web page, click in the Saved request scroll
box. On the Edit menu, click Paste to paste the contents of certificate
request into the scroll box.
If your Web browser security settings do not prohibit a Web page from
accessing your disk, you can click Browse for a file to insert to locate the
file you want to use for the certificate request. If you get a warning about
the ActiveX control, click Yes to allow it to run, then click Browse. After
locating and selecting the file you want to use for the certificate request,
click Read!. On the Web page, click Read! to paste the contents of the file
into the scroll box. See the note about using Browse.
6) If you are connected to an enterprise CA, choose the certificate template
you want to use.
7) Click Submit.
Here after step NO 5 I am getting the error message as follows :
COM Error info:
CCertrequest:submit the data is invalid 0x8007000d(WIN32:13)
Suggested cause :
The certificate request contained bad data.if you are submitting a saved
request,make sure that the request
contains no garbage data outside the BEGIN and END tags, and that the file
containing the saved request is not corrupted.
Any help for this issue is very much appriciated.
Thanks & Regards
Arunkumar
Paul Adare
<snip>
>
>
> Here after step NO 5 I am getting the error message as follows :
>
> COM Error info:
> CCertrequest:submit the data is invalid 0x8007000d(WIN32:13)
>
> Suggested cause :
>
> The certificate request contained bad data.if you are submitting a saved
> request,make sure that the request
> contains no garbage data outside the BEGIN and END tags, and that the file
> containing the saved request is not corrupted.
>
> Any help for this issue is very much appriciated.
How exactly did you have your users generate the renewal requests? Are you
sure that you're trying to submit a renewal (PKCS#7) and not an enrollment
request (PKCS#10)?
--
Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca
Arunkumar
I am sure that i am trying the renewal by submitting the PKCS # 7 format and
i myself tested it for my certificate by generating the PKCS #7 and submitted
for renewal to standalone CA .
Thanks & Regards
Arunkumar .G
"Paul Adare" wrote:
> .
>
Stardust
-----BEGIN NEW CERTIFICATE REQUEST-----
.... your certificate request comes here....
-----END NEW CERTIFICATE REQUEST-----
Make sure you delete the end trailing spaces (if you have any) from the
above lines.
Arunkumar
Hi
I have generated the PKCS file but i its not showing like the format as
mentioned
by you . so could you please tell me the way how to generate a PKCS file .
Thanks In Advance
Arunkumar .G