Re: How do I make a local machine client certificate available to all users?

What are you trying to accomplish?

Are you trying to install one client certificate on machine and have
all users logged into that machine automatically use that certificate
to make a SSL request to your server? Because if so, what you want is
very contrary to the whole security design of a client certificate.

The whole purpose of client certificate is proof of identity. If you
have multiple users that can use the same certificate, you might as
well not bother requiring client certificates in the first place.

Unless you are trying to enforce the requirement that only certain
machines with client certificates, used by anyone, can access your
server, but you can do that in other ways, like with IPSec.

So... can you please describe what you are actually trying to do?


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//




Assimalyst wrote:
Hi,

Using Windows Server 2003, i have set up a standalone certificate
using the certsrv tools.

When a client machine registers you can use the advanced form to 'Store
Certificate in Local Computer Certificate Store'.

This all works as intended when the client machine registers, but when
a user logs on to the site using IE6 they still are met with the 'The
page requires a client certificate' web page.

I know i can export the local machine store certificate and then import
per user through IE, but is there an easier way to do it? Ideally i
want all users on a particular machine to automatically use the local
computer stored certificate without need for individual IE install.

Thanks for your help.

.

Relevant Pages

  • Re: Unable to unwrap a symmetric key using the private key of an X.509
    ... The problem is related to the certificate store on the web service side. ... You installed the certificate in "OtherPeople" store but the policy points ... You should install the certificate in the "Personal" store. ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • Re: Programmatically installing Client Root Certificates
    ... You install root certificates into the "root" store. ... the certificate to the root store. ...
    (microsoft.public.platformsdk.security)
  • Re: RPC over HTTP 1st time w/ Vista - Trouble installing Certificate
    ... And do NOT select automatic store - you need to put it in the Root store. ... The reason is that the elevated user is not the same as the regular user, and the default is to put it in the user's store. ... From waht i can tell everything is setup correctly, but the only thing that isn't going as planned is the installation of the certificate. ... Normally I have the user go to the mail.mycompany.com/exchange and install the certificate at the warning that pops up. ...
    (microsoft.public.windows.server.sbs)
  • Importing a PFX file using X509Certificate2 from ASP fails
    ... An administrator on the machine where the ASP.NET/COM+ application runs should install the certificate in the machine certificate store, ... The ASP.NET/COM+ application code should use the installed certificate rather than attempt to install one from a PFX file. ...
    (microsoft.public.dotnet.security)
  • Re: Error using SSL cert (Could not establish secure channel for SSL/TLS)
    ... the problem was I couldn't install the .der cert into the ... When I used a .p12 certificate instead, ... install it in the "Personal" store. ...
    (microsoft.public.dotnet.framework.aspnet.security)