New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Certificate is not stored with private Key #2342
Comments
How did you reach the conclusion that the certificate doesn't have a private key? The only way I can imagine this could legitimately happen is if EJBCA is not using the public key provided by the program to sign the certificate but rather something generated elsewhere (e.g. you had to pre-feed it a CSR and/or it offers the PK up for download outside of the ACME protocol). |
Hi, I have now tested the newest version and also ask our consultant for EJBCA and he run into the same problem. It doesn't matter if I use the command or do it manually in the "UI". In both cases I will get an certificate without private key. `C:\Program Files\win-acme>wacs.exe --source manual --certificatestore My --host SERVER.FQDN --accepttos --verbose [INFO] A simple Windows ACMEv2 client (WACS) [VERB] Constructing ACME protocol client... |
You didn't answer my question:
|
Hi, Windows doesn't show the "key" and the info "You have a private key that corresponds to this certificate" is also not showing when I open it through mmc. I also tried to get the private key from the .pfx that will be saved under "C:\ProgramData\win-acme" but when I do that with the command below the exported file is empty. openssl pkcs12 -in [yourfile.pfx] -nocerts -out [drlive.key] |
I added some extra verbose logging output to this build to help diagnose this issue, can you run this build? https://ci.appveyor.com/project/WouterTinus/win-acme-s8t9q/builds/46894264/artifacts |
Hi, thanks for helping. I run the new build, the log is attached. |
Thanks for that, unfortunately there's no red flag in this log that explains why it's happening, though it at least proves that it is happening. I'll take another look at the code and add more logging to hopefully nail this one down. |
Thank you so much for the help. :) |
I believe that I have fixed the bug in this build: https://ci.appveyor.com/project/WouterTinus/win-acme-s8t9q/builds/46905789/artifacts The problem was that the PEM-encoded certificate contains some leading data (maybe some comments?) that confused our PFX builder. |
Good morning, I just tested the new build and it works perfect now. Kind greetings and a nice weekend, |
Fix included in 2.2.5 |
Hi everyone,
we are new to win-acme and want to automate our Windows certificate stuff.
To start with, I just wanted to get a simple certificate and let it import to the Windows cert store. It works so far that i get a certificate but it will imported without private key. If I let win-acme safe it as a .pfx it also have no private key.
I have also tried different versions of win-acme but without luck.
Does anyone have an idea why this might happening?
We are using EJBCA as PKI.
Kind greetings,
Fabian
The text was updated successfully, but these errors were encountered: