muzzol wrote: > hi, > > i want to generate a certificate request from command line to send to > an external CA. this is what i use: > > > certutil -S -n "test-server" -s "CN=testserver.example.com" -c "CA > auth" -t "u,u,u" -m 1023 -v 120 -d . > > and i get this error: > > > certutil: unable to retrieve key CA auth: The private key for this > certificate cannot be found in key database > > > i've imported the root cert for CA auth though the GUI but certutil > seems not to find it. > > if i create the request via GUI everything is fine, but i need to use > certutil because i need to pass additional parameters not supported by > the GUI. > > any hints? > -S generates a certificate using a CA from the same database. You want to create a Certificiate Signing Request (CSR). Try this: certutil -R -s "CN=testserver.example.com" -d . -a This will produce a base64-encoded CSR that you can pass along to your CA. rob
