Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsMicrosoft Windowswindows server 2012 certificates & private keys
fran1942

82 posts

Master Geek

Trusted

#166330 9-Mar-2015 20:04
Send private message

Hello, just trying to understand how this works.
So you have a Windows server with Certificate Services installed. You create a certificate.
i) does this certificate automatically include an embedded private key or is it a separate file that you have to store somewhere?
ii) if you distribute this certificate via group policy to clients, does this version automatically include a public key ?

thanks for any help.

Create new topic
gbwelly
1243 posts

Uber Geek


  #1254435 10-Mar-2015 07:49
Send private message

A private key should be just that, private. You should only move a private/public key pair in very specific circumstances. I think you are asking if the CA's public key will be placed in the trusted root CA store on the client computers? If you have created an Enterprise CA then all the domain joined client computers should automatically trust certificates signed by that CA. Don't muck around with the private key for a CA, if anyone gets hold of it they can generate and sign certificates and those certificates will be trusted by the clients.









wasabi2k
2096 posts

Uber Geek


  #1254492 10-Mar-2015 09:31
Send private message

Certificates have a public key and a private key.

The Public key is distributed wherever it is needed - when you visit https://www.securesite.com you view the public key of that certificate. Traffic sent there is encrypted using that public key.

The people that control the certificate also have the private key. This is secured and should never leave your control. This key is used to decrypt traffic encrypted with the public key.

When you establish a new CA, you generate a new CA certificate, which contains both public and private keys. You then distribute the public key for that root CA to all your clients as a trusted root certificate, so they now trust all the certificates your CA issues.

When a client is issued a certificate (user/computer or other) they receive both a private and public key.

For quick reference:

A .pfx usually contains private and public keys and can contain an entire certificate chain
A .cer or .crt is the public key only and is used to add root certificates or intermediate authorities

Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01

Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22

Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46

Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42

D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34

Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
GoodSync
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright