How to find out which server generated a CSR

7

I sent a client a CSR a few months ago and now they finally sent me back the CA response. However, there are multiple Windows 2008R2 servers and I don't remember which one I used to generate the CSR and, therefore, I don't know which server contains the private key.

How can I find out?

Update

On the server I suspected was the right one, I went into the certificate management for the local computer using the MMC (certmgr.msc) and under Certificates (Local Computer) > Certificate Enrollment Requests > Certificates, I found the private key associated with the CSR.

My problem is, however, that when I try to complete the request from IIS (where I created the CSR) it doesn't associate it with this private key. I tried certreq -accept -machine "c:\cert.crt" but I get this error:

Certificate Request Processor: Cannot find object or property. 0x80092004 (-2146
885628)

2nd Update

I was able to figure out that the client used a different CSR than we sent them to request the certificate. I did this by comparing the "Issued To" info on their certificate to the same info on the CSR I sent them and found that the cities were different. Hope that helps someone else out there dealing with problematic clients :)

windows
http
ssl-certificate
iis-7.5
asked on Server Fault Apr 16, 2014 by blizz • edited Apr 17, 2014 by blizz

2 Answers

1

You could try and use the openSSL toolset to compare certs: http://bogpeople.com/networking/openssl.shtml

Apologies if this isn't helpful - I come from a Linux background, and are not familiar with Windows administration. There are binary distributions for Windows, for what it's worth => https://www.openssl.org/related/binaries.html

answered on Server Fault Jul 5, 2014 by Andrew
1

I've a way to find out if the CSR is generated from one of the Windows servers.

in cmd: certutil filename.csr

in Machine attribute you will get where it's generated.

answered on Server Fault Sep 4, 2018 by n0d3 • edited Apr 12, 2021 by Dave M

User contributions licensed under CC BY-SA 3.0