Re: Exporting/ importing certificates

From: Drew Cooper [MSFT] (dcoop_at_online.microsoft.com)
Date: 02/03/04


Date: Mon, 2 Feb 2004 17:07:58 -0800

Sorry - I guess I didn't see "import successful" in the earlier thread.

I wonder if somehow there's already a copy of the cert in the store that's
archived. That would lead to a successful import but I don't believe IE
would show the cert and the mmc snapin would only show it if
"View->Options->Archived Certificates" was checked.

-- 
Drew Cooper [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.
"Ed Campbell" <anonymous@discussions.microsoft.com> wrote in message
news:870701c3e917$6cb00360$a601280a@phx.gbl...
> In consideration for the comment about error messages,
> there are none. Although I thought that was implied by
> the "Import Successful" message.
>
> Mitch,
>
> If we specified what store to put it in (either physical
> or not), the import happens successfully, however, it
> does not show up in the store after pressing the "OK"
> button. Now, if you open your Certificate store with the
> MMC snap-in, you can see it. It just does not show up in
> IE. It is very bizarre. Again, this is a hit and miss
> situation, working with some and not with others.
>
> Thanks,
> Ed
> >-----Original Message-----
> >No, when I explicitly request (in GUI) to put cert in
> >Personal store it says job successful but it does not put
> >the cert in any store. However if I do not specify a store
> >it places it automatically in 'Intermediate Certificate
> >Authorities' which is of no use.
> >Likewise if I run install cert (off the exported file) the
> >same thing happens.
> >-Pat W
> >>-----Original Message-----
> >>You can usually specify in the cert import dialog where you want the cert
> >>to be placed.  Are you saying that when you explicitly request (in GUI) to
> >>put cert in Personal store, it places it elsewhere?
> >>- Mitch
> >>
> >>"Drew Cooper [MSFT]" <dcoop@online.microsoft.com> wrote in message
> >>news:OUR2Mit5DHA.2576@TK2MSFTNGP11.phx.gbl...
> >>> An error message would help someone figure out what went wrong.
> >>>
> >>> Also - is this only a problem when you import using IE, or does the import
> >>> also fail when you just double-click the .cer file (which starts the cert
> >>> import wizard)?
> >>> -- 
> >>> Drew Cooper [MSFT]
> >>> This posting is provided "AS IS" with no warranties, and confers no rights.
> >>>
> >>>
> >>> "Ed Campbell" <anonymous@discussions.microsoft.com> wrote in message
> >>> news:701801c3e6cc$f0728620$a401280a@phx.gbl...
> >>> > Hi Mitch,
> >>> >
> >>> > The problem here is that whether or not you export the
> >>> > certificate from IE, the X.509 (.cer) file will not
> >>> > always import into IE's Personal Certificate store. It
> >>> > seems to be very hit and miss. Sometimes it works and
> >>> > sometimes it doesn't. I have tested this on at least two
> >>> > installations where the patch level is the same on each
> >>> > IE, it works on one 100%, it does not work on the other.
> >>> > In this case Win2k with latest SP's and Patches. There is
> >>> > no software installed apart from normal office apps, so
> >>> > should not hinder this in any way. No plugins or other
> >>> > software have been applied to IE and the problem is not
> >>> > limited to any particular version of IE, although only
> >>> > v5.5SP2 or higher was used.
> >>> >
> >>> > Any help would be grateful.
> >>> >
> >>> > Ed
> >>> >
> >>> >
> >>> >
> >>> >
> >>> > >-----Original Message-----
> >>> > >What is the error message? Or is the "Export" option blanked
> >>> > >out?
> >>> > >Don't have an NT box handy but I remember doing this before
> >>> > >without any problem.
> >>> > >- Mitch
> >>> > >
> >>> > >"Pat Woulfe" <anonymous@discussions.microsoft.com> wrote in message
> >>> > >news:621001c3e661$3b6692a0$a101280a@phx.gbl...
> >>> > >> Mitch
> >>> > >> Thanks for the reply
> >>> > >> I'm exporting public Certificate only
> >>> > >> Private Cert key is not 'exportable'
> >>> > >> I'm using Windows NT..should have stated this.
> >>> > >> Does this change your original response?
> >>> > >> Thanks Pat
> >>> > >> Does this
> >>> > >> >-----Original Message-----
> >>> > >> >Are you just exporting the public certificate, or are you talking about
> >>> > >> >exporting the cert with public&private key?
> >>> > >> >
> >>> > >> >You should be able to export any public certificate from your Windows
> >>> > >> >"Certificate Stores" via IE Windows certs panels (and Certs Snapin for W2k+).
> >>> > >> >You can export in X509/pkcs format as either binary der or
> >>> > >> >b64 encoding of the binary der.
> >>> > >> >
> >>> > >> >If you are talking about exporting the private certificate key also, you can only
> >>> > >> >do that if the key was marked as "Exportable" when it was generated or imported
> >>> > >> >to your system. If it is marked as exportable, the IE certs export GUI provides
> >>> > >> >a checkbox for that. In that case, the cert + private key is exported in protected
> >>> > >> >pfx  (pkcs#12) format file.
> >>> > >> >
> >>> > >> >- Mitch Gallant
> >>> > >> >
> >>> > >> >
> >>> > >> >"Pat Woulfe" <pwoulfe@eircom.net> wrote in message
> >>> > >> >news:5d1801c3e5c1$af7e6190$a001280a@phx.gbl...
> >>> > >> >> I'm unable to export / import digital certificates from
> >>> > >> >> one windows pc to another pc also with windows. Microsoft
> >>> > >> >> recommends using the PKCS #7 format.
> >>> > >> >> 1 Can this be done ?
> >>> > >> >> 2. If so what is the correct procedure
> >>> > >> >> Thanks
> >>> > >> >> Pat
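
The possibility raised at the top of this thread (an archived copy already in the store, or the certificate landing in a store other than Personal) can be checked from PowerShell. This is an added example, not part of the original thread; the function name, parameter name and sample path are hypothetical, and it assumes a Windows host where .NET's X509Store API is available.

```powershell
# Added example: report every current-user store that holds a given certificate,
# including archived entries that the default certificate views do not list.
function Find-CertInUserStores {
    param(
        [Parameter(Mandatory = $true)]
        [string]$CerPath   # hypothetical parameter: path to the exported .cer file
    )

    # Load the exported certificate so its thumbprint can be matched.
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CerPath

    # Without IncludeArchived, archived certificates are left out of the enumeration.
    $flags = [System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly -bor
             [System.Security.Cryptography.X509Certificates.OpenFlags]::IncludeArchived

    # My = Personal, CA = Intermediate Certification Authorities,
    # Root = Trusted Root Certification Authorities, AddressBook = Other People.
    foreach ($name in 'My', 'CA', 'Root', 'AddressBook') {
        $store = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList $name, 'CurrentUser'
        $store.Open($flags)
        try {
            foreach ($c in $store.Certificates) {
                if ($c.Thumbprint -eq $cert.Thumbprint) {
                    [pscustomobject]@{
                        Store         = $name
                        Archived      = $c.Archived        # True if marked archived
                        HasPrivateKey = $c.HasPrivateKey   # False for a public-only import
                        Subject       = $c.Subject
                        Thumbprint    = $c.Thumbprint
                    }
                }
            }
        }
        finally {
            $store.Close()
        }
    }
}

# Usage (placeholder path, replace with the real exported file):
# Find-CertInUserStores -CerPath 'C:\temp\exported.cer' | Format-Table -AutoSize
```

A row with `Archived = True` under `My` matches the archived-copy explanation; a row only under `CA` matches the report of the certificate being placed in Intermediate Certification Authorities.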