I have successfully created my makecert generated certificate and used it to
sign my SOAP Request for an Java Axis web service but when the WS authors
actually started checking versus their CA my certificate failed.

1. They are telling me to generate a private key
2. send a csr to them to sign
3. install that certificate and use it to sign my requests.

Can this be done with the tools in .net or do I need open ssl to generate a
private key and CSR? Cant the java WS end use openssl to issue me a
certificate AND private key all in one from their CA?

All the certificates they keep sending back to me dont seem to have a
private key in them when i install in a store and use the tool that comes
with WSE2 to view its private key.

The only CSRs ive ever made w/ windows is for SSL and IIS and i dont wanto
to install a SSL cert into my web-server.

How can I make one of the .PFX files and also have them be able to match
that private key to their CA so that I can load an X.509 with its hash to
sign my requests to thier web service.

Thanks for all who read this
Erik

Heres what you need to do. because we dont have windows cert server.

generate a private key file and csr file using openssl

send that csr to the CA.. get the cert back.

Open the cert in notepad and extract the cert hash (and header and footer)

append the private key hash to that hash (with its header and footer)

save that as a .pem file

covert that to a .p12 file (.pfx) using openssl

install that .p12 using mmc snap in for certificates.