I sent a client a CSR a few months ago and now they finally sent me back the CA response. However, there are multiple Windows 2008R2 servers and I don't remember which one I used to generate the CSR and, therefore, I don't know which server contains the private key.
How can I find out?
Update
On the server I suspected was the right one, I went into the certificate management for the local computer using the MMC (certmgr.msc) and under Certificates (Local Computer) > Certificate Enrollment Requests > Certificates, I found the private key associated with the CSR.
My problem is, however, that when I try to complete the request from IIS (where I created the CSR) it doesn't associate it with this private key. I tried certreq -accept -machine "c:\cert.crt" but I get this error:
Certificate Request Processor: Cannot find object or property. 0x80092004 (-2146
885628)
2nd Update
I was able to figure out that the client used a different CSR than we sent them to request the certificate. I did this by comparing the "Issued To" info on their certificate to the same info on the CSR I sent them and found that the cities were different. Hope that helps someone else out there dealing with problematic clients :)
You could try and use the openSSL toolset to compare certs: http://bogpeople.com/networking/openssl.shtml
Apologies if this isn't helpful - I come from a Linux background, and are not familiar with Windows administration. There are binary distributions for Windows, for what it's worth => https://www.openssl.org/related/binaries.html
I've a way to find out if the CSR is generated from one of the Windows servers.
in cmd: certutil filename.csr
in Machine attribute you will get where it's generated.
User contributions licensed under CC BY-SA 3.0