SSL VPN
Visitor
careless
Posts: 8
Registered: ‎06-10-2009
Accepted Solution

Lost CSR

Hi, in testing the SA device, I generated a CSR and sent it to the CA for signing. I later imported the certificate from another SA device, and the import process erased the CSR which was pending (stupid ...).

I still have the text that I sent to the CA. Is there any way to still use this certificate once I get it back from the CA or I'd better get another one generated? I was under the impression that the CSR text holds the key to decrypt the cert I'll be receiving from the CA?

Distinguished Expert
muttbarker
Posts: 2,393
Registered: ‎01-29-2008

Re: Lost CSR

If you still have the CSR file that was created (external copy) you can try and import both the CSR and the cert itself. Not something I have played with much but may very well work for you.
Kevin Barker
JNCIP-SEC
JNCIS-ENT, FWV, SSL, WLAN
JNCIA-ER, EX, IDP, UAC, WX
Juniper Networks Certified Instructor
Juniper Networks Ambassador

Juniper Elite Reseller
J-Partner Service Specialist - Implementation

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Contributor
gamer004
Posts: 29
Registered: ‎06-11-2009

Re: Lost CSR

The problem with generating a CSR on the IVE is that when you type random data, you're actually generating a private key. The public part is sent off to the CA. When the original CSR is missing, to my knowledge, your private key is also gone. What you could try:

1. If you have a backup (system.cfg or XML), try to restore it. This will restore any pending CSRs as well.

2. Generate a new CSR on, for example, a Windows CA server. Use the same information as before and mark the private key as exportable. Have your CSR signed by the CA and import the certificate including the private key into your IVE.

Good luck.

Frank

Visitor
careless
Posts: 8
Registered: ‎06-10-2009

Re: Lost CSR

Thanks. I've got a screenshot of the CSR showing the time it was generated, as well as the "random keystrokes" for the original CSR. Would I have sufficient data to re-generate the original private key? If so, how to do it?
Contributor
gamer004
Posts: 29
Registered: ‎06-11-2009

Re: Lost CSR

The random characters are used as keying input to generate a random private key, so I'm not sure entering the same characters will result in exactly the same private key.

By the way, most signing CAs accept a re-sign of a CSR when all provided information is exactly identical. So when you lose a private key (a machine crashes), they sign your newly generated CSR again. The end date of the cert will stay identical, of course...

You could check with your CA...
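
Added example (not part of the original thread, and not Juniper tooling): a POSIX shell sketch using the stock `openssl` CLI that reproduces the situation discussed above and checks which private key a certificate actually belongs to. The subject name, file names and throwaway CA are constructed for the demo; the helper functions `pub_fp`, `same_key`, `make_fixture` and `report` are hypothetical names introduced here.

```shell
#!/bin/sh
# Added example. All keys, names and the throwaway CA are constructed for the demo.
set -eu

# SHA-256 of the public key inside a private key, CSR or certificate (PEM).
pub_fp() {  # $1 = key|csr|cert, $2 = file
    case "$1" in
        key)  pem=$(openssl pkey -in "$2" -pubout) ;;
        csr)  pem=$(openssl req  -in "$2" -noout -pubkey) ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey) ;;
        *)    echo "unknown kind: $1" >&2; return 2 ;;
    esac || return 1
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# True when both objects carry the same public key.
same_key() {  # $1 kind, $2 file, $3 kind, $4 file
    fp_a=$(pub_fp "$1" "$2") && fp_b=$(pub_fp "$3" "$4") && [ "$fp_a" = "$fp_b" ]
}

# Build the thread's scenario in directory $1.
make_fixture() {
    subj="/CN=vpn.example.test/O=Example"                # constructed subject
    openssl genrsa -out "$1/lost.key" 2048 2>/dev/null   # key erased with the pending CSR
    openssl req -new -key "$1/lost.key" -subj "$subj" -out "$1/orig.csr"
    openssl genrsa -out "$1/new.key" 2048 2>/dev/null    # key regenerated afterwards
    openssl req -new -key "$1/new.key" -subj "$subj" -out "$1/new.csr"
    # Throwaway CA signs the ORIGINAL request, standing in for the real CA.
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=Demo CA" -days 1 \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
    openssl x509 -req -in "$1/orig.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/issued.crt" 2>/dev/null
}

report() {  # $1 = label, remaining arguments go to same_key
    label=$1; shift
    if same_key "$@"; then echo "$label: MATCH"; else echo "$label: no match"; fi
}

dir=$(mktemp -d)
trap 'rm -rf "$dir"' EXIT          # do not leave demo private keys behind
make_fixture "$dir"
report "issued cert vs saved CSR text" cert "$dir/issued.crt" csr "$dir/orig.csr"
report "issued cert vs new key, same subject" cert "$dir/issued.crt" key "$dir/new.key"
grep -c "PRIVATE KEY" "$dir/orig.csr" || true   # counts private-key blocks in the CSR
```

Running the same fingerprint comparison on a certificate returned by the CA and the key held on the appliance or in a backup, before importing, shows whether the pair can work together.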

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.