IIS – Create a public private key pair for certificate in IIS

Tags: iis, rsa, ssl-certificate

I need to create a public/private key pair for a certificate request. I would like to use IIS. Once the certificate is signed I will be distributing it to multiple servers and therefore will need the private key portion as well.

There are plenty of tutorials on how to create the pair and I have done this successfully, however, I can only seem to find the public key portion (I do realize this is the only thing I should send to the authority). I do not want to send a public key to the authority until I am certain I possess the private key as well.

I would appreciate any help; please keep in mind that I am a noob when it comes to server administration. Thanks!

Edit:
Based on the information I've been given below, maybe IIS is not the best tool for me to use. Can someone recommend a reliable tool for me to use on Windows?

Best Answer

On modern versions of IIS, start the IIS Manager console, click your server in the left pane, then double click "Server Certificates" in the right pane. Now you'll notice in the far right pane, you have an option to "Create Certificate Request" and "Complete Certificate Request".

So once you have created the CSR, take it to the Certificate Authority and they will either grant it or deny it.

The key here (no pun intended) is that the private key is generated when you create the CSR, and therefore the only host that has the private key that corresponds to that CSR right now is the web server on which you created the CSR. So you can only complete the certificate request on the same server. Assuming the Certificate Authority grants your request, the signed response that you get back from the CA will be bound with your private key at the time that you complete the certificate request.

Once you've completed the certificate request, open an MMC console and add the Certificates snap-in and locate the certificate that you just received. You can see that you have a corresponding private key for this certificate because it has a little key on its icon. Right click and export it, and make sure that you export the private key with it. The wizard should ask you to password protect the file.

You can now take this exported certificate, with its private key, to any other server you like. Be very careful with this file, as it contains both the public and private key for this certificate so you obviously want to keep it safe.
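
The same checks and export can be scripted. The following PowerShell is an added example, not part of the original answer; it confirms the server holds the private key before and after the CA responds, then exports a password-protected PFX. The thumbprint and file path are placeholders to replace with your own values.

```powershell
# Added example. Run in an elevated PowerShell session on the server
# where the certificate request was created.
$Thumbprint = '<THUMBPRINT-OF-YOUR-CERTIFICATE>'   # placeholder
$PfxPath    = 'C:\Temp\site-cert.pfx'              # hypothetical output path

# 1. Before the CA responds: pending requests and their private keys are
#    kept in the "Certificate Enrollment Requests" store (REQUEST).
Get-ChildItem Cert:\LocalMachine\REQUEST |
    Select-Object Subject, Thumbprint, HasPrivateKey

# 2. After "Complete Certificate Request": the issued certificate is in the
#    Personal store (My) and must report HasPrivateKey = True.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) {
    throw "No certificate with thumbprint $Thumbprint in LocalMachine\My"
}
if (-not $cert.HasPrivateKey) {
    throw "Certificate found, but this server does not hold its private key"
}

# 3. Export certificate plus private key to a password-protected PFX.
#    Export-PfxCertificate fails if the key was not marked exportable.
$password = Read-Host -AsSecureString -Prompt 'PFX password'
try {
    Export-PfxCertificate -Cert $cert -FilePath $PfxPath `
        -Password $password -ErrorAction Stop | Out-Null
} catch {
    throw "Export failed (is the private key marked exportable?): $_"
}

# 4. Read the PFX back without importing it and confirm that it holds
#    the certificate that was just exported.
$pfx   = Get-PfxData -FilePath $PfxPath -Password $password
$match = $pfx.EndEntityCertificates |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
if (-not $match) { throw "Exported PFX does not contain the expected certificate" }
"Exported $($cert.Subject) to $PfxPath"

# 5. On each destination server (elevated session), import the PFX into
#    the machine Personal store:
#    Import-PfxCertificate -FilePath $PfxPath `
#        -CertStoreLocation Cert:\LocalMachine\My -Password $password
```

Delete the PFX from any intermediate location once every server has imported it, since the file carries the private key.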