Generating a Certificate with Private Key

Certificates are one of those elements that you deal with in your initial install and then forget about them until they expire…or until Microsoft releases the mobility functionality and you add a SAN to your public cert.
In my case I didn’t re-key the cert (initially), I thought I’d try adding the SAN from the Lync Deployment Wizard in my Standard Edition Server. It was only once I had submitted the request and downloaded the updated certificate from the public CA (Go Daddy) that I discovered the Private Key was missing.

Probably obvious to most, but I am no certificate Guru J
A little digging helped  me recall that the Private Key can only be exported with the cert from the server that initially requested the cert (i.e. the server that generated the CSR). Since the certificate I was using was initially requested from the Edge server I had no chance of getting the Private Key.
How to get the Certificate with the Private Key
1.       Requested a new certificate from the Edge server (in my case) using the Lync Deployment  Wizard
2.       Copy the CSR text, log into the Public CA (GoDaddy in my case) and select Re Key.

3.       Download the cert from Public CA.
4.       Import the certificate you downloaded into the Personal Store on the Edge server.
5.       Export the cert BUT since this is the server that initially generated the request you will be able to check the box for exporting the Private Key as well.
6.       Once the cert has been exported with the Private key you can use it on multiple servers.

Note from the Peanut Gallery
When assigning a Lync Certificate from the wizard you will only have visibility of certificates that are actually already in the personal store AND have their Private Key atatched.


About Paul B

My name is Paul Bloem and I am employed at Lexel Systems in New Zealand as a Principal Consultant for Unified Communications. I have been working on enterprise voice solutions for over 20 years. My first 10 years were spent working for a Telco in South Africa (Telcom SA). This is where all the groundwork happened as I was exposed to just about every aspect of telecommunication you could imagine. I develop an interest in PBX technologies and eventually became the go-to guy. Next, I had a 10 year run at Siemens South Africa, most of my time there was as a Technical Trainer. During this time VoIP hit the world stage, I had the privilege of introducing VoIP both as H.323 and later SIP across the Siemens HiPath 4000 solution stack. In 2008 I immigrated to New Zealand with my newly attained MCSE, I was ready to go where no PBX Techie had gone before. I was employed to explore OCS 2007 and that was pretty much the beginning of the end for me. I have been working on OCS and Lync ever since. My current role focuses exclusively on Lync and associated technologies.. That includes pre-sales, consulting, architecture and design, training and support. I even get to play in the development space from time to time - focus on play ;-) I was nominated as a Microsoft VTSP for Lync early in 2013 and also awarded Microsoft's MVP award for Lync in 2014.
This entry was posted in Certificates, Public Certificate with Private Key, Quick Reference Guide. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s