Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Lost CSR

SOLVED
Go to solution
careless_
Occasional Contributor
‎06-11-2009 05:57:AM
‎06-11-2009 05:57:AM

Lost CSR

Hi, in testing the SA device, I generated a CSR and sent it to the CA for signing. I later imported the certificate from another SA device, and the import process erased the CSR which was pending (stupid ... Smiley Sad).

I still have the text that I sent to the CA. Is there any way to still use this certificate once I get it back from the CA or I'd better get another one generated? I was under the impression that the CSR text holds the key to decrypt the cert I'll be receiving from the CA?

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
gamer004_
Contributor
‎06-11-2009 07:46:AM
‎06-11-2009 07:46:AM

Re: Lost CSR

The random characters are used as keying input to generate a random private key, so I'm not sure entering the same characters will result in exactly the same private key.

By the way, most signing CA's accept a resign of a CSR when all provided information is exactly identical. So when you lose a private key ( a machine crashes) they sign you newly generated CSR again. The enddate of the cert will stay identical ofcourse....

you could check with your CA....

View solution in original post

0 Kudos
4 REPLIES 4
muttbarker_
Valued Contributor
‎06-11-2009 06:19:AM
‎06-11-2009 06:19:AM

Re: Lost CSR

If you still have the CSR file that was created (external copy) you can try and import both the CSR and the cert itself. Not something I have played with much but may very well work for you.
0 Kudos
gamer004_
Contributor
‎06-11-2009 06:23:AM
‎06-11-2009 06:23:AM

Re: Lost CSR

The problem with generating a CSR on the IVE is that when you type random data, you're actually generating a private key. The public part is sent of to the CA. When the original CSR is missing, to my knowledge, your private key is also gone. What you could try:

1. If you have backup ( system.cfg or XML) try to restore. This will restore any pending CSR's as well.

2. Generate a new CSR on for example a Windows CA server. Use the same information as before and mark the private key as exportable. Have your CSR signed by the CA and import the certificate including the private key into your IVE.

Goodluck.

Frank

0 Kudos
careless_
Occasional Contributor
‎06-11-2009 06:45:AM
‎06-11-2009 06:45:AM

Re: Lost CSR

Thanks. I've got a screenshot of the CSR showing the time it was generated, as well as the "random keystrokes" for the original CSR. Would I have sufficient data to re-generate the original private key? If so, how to do it?
0 Kudos
gamer004_
Contributor
‎06-11-2009 07:46:AM
‎06-11-2009 07:46:AM

Re: Lost CSR

The random characters are used as keying input to generate a random private key, so I'm not sure entering the same characters will result in exactly the same private key.

By the way, most signing CA's accept a resign of a CSR when all provided information is exactly identical. So when you lose a private key ( a machine crashes) they sign you newly generated CSR again. The enddate of the cert will stay identical ofcourse....

you could check with your CA....

0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.