cancel
Showing results for 
Search instead for 
Did you mean: 

Lost CSR

SOLVED
careless_
Occasional Contributor

Lost CSR

Hi, in testing the SA device, I generated a CSR and sent it to the CA for signing. I later imported the certificate from another SA device, and the import process erased the CSR which was pending (stupid ... Smiley Sad).

I still have the text that I sent to the CA. Is there any way to still use this certificate once I get it back from the CA or I'd better get another one generated? I was under the impression that the CSR text holds the key to decrypt the cert I'll be receiving from the CA?

1 ACCEPTED SOLUTION

Accepted Solutions
gamer004_
Contributor

Re: Lost CSR

The random characters are used as keying input to generate a random private key, so I'm not sure entering the same characters will result in exactly the same private key.

By the way, most signing CA's accept a resign of a CSR when all provided information is exactly identical. So when you lose a private key ( a machine crashes) they sign you newly generated CSR again. The enddate of the cert will stay identical ofcourse....

you could check with your CA....

View solution in original post

4 REPLIES 4
muttbarker_
Valued Contributor

Re: Lost CSR

If you still have the CSR file that was created (external copy) you can try and import both the CSR and the cert itself. Not something I have played with much but may very well work for you.
gamer004_
Contributor

Re: Lost CSR

The problem with generating a CSR on the IVE is that when you type random data, you're actually generating a private key. The public part is sent of to the CA. When the original CSR is missing, to my knowledge, your private key is also gone. What you could try:

1. If you have backup ( system.cfg or XML) try to restore. This will restore any pending CSR's as well.

2. Generate a new CSR on for example a Windows CA server. Use the same information as before and mark the private key as exportable. Have your CSR signed by the CA and import the certificate including the private key into your IVE.

Goodluck.

Frank

careless_
Occasional Contributor

Re: Lost CSR

Thanks. I've got a screenshot of the CSR showing the time it was generated, as well as the "random keystrokes" for the original CSR. Would I have sufficient data to re-generate the original private key? If so, how to do it?
gamer004_
Contributor

Re: Lost CSR

The random characters are used as keying input to generate a random private key, so I'm not sure entering the same characters will result in exactly the same private key.

By the way, most signing CA's accept a resign of a CSR when all provided information is exactly identical. So when you lose a private key ( a machine crashes) they sign you newly generated CSR again. The enddate of the cert will stay identical ofcourse....

you could check with your CA....