Where is the private key after using certreq for CSR generation on Windows 10?

I tried to follow the website below for instructions on how to generate the CSR for my web server:

http://www.entrust.net/knowledge-base/technote.cfm?tn=8649

However, it only generates the CSR. Where is the private key? I was told that the key is generated at the time of CSR generation.

I am using Windows 10. I plan to use node.js Express. Are there alternative tools we can use to generate CSR on Windows 10?


Solution 1:

It's stored in the Windows certificate store. When you import the signed certificate, you will find you have a corresponding private key. It matches them by modulus, if I recall.

You can get a list of the private keys you have as a result of certificate enrollment requests (such as you made with certreq) by running certmgr.msc for the computer account (or simply certlm.msc for Windows 2012R1 or Windows 8 onwards).

The keys are in the Certificate Enrollment Requests folder.

The easiest thing to do if you need to use the certificate without using the API is to import the certificate, export it, and use openssl to transform the resulting PKCS5 into a PEM certificate and key.

You can also use openssl to generate keys and certificate requests, and if you plan to use them in PEM format on the filesystem rather than using the Windows API, you might as well do that.