Re: Computer Certificate Private Key

---

• From: "Brian Komar" <brian.komar@xxxxxxxxxxxxxxxxx>
• Date: Sun, 9 Dec 2007 09:31:53 -0600

---

Actually
The computer account is authenticating to the domain. *You* have decided to export a private key and import it on a non-trusted host (based on the tone of your response).
It is not a security breach if *you* decide to put the private key on the offending host.
Now, you see why the key is non-exportable
Brian

"Mr.B" <MrB@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:6CCF2445-5EF1-4E54-8A5F-F2C14BD7346A@xxxxxxxxxxxxxxxx

Interested.
I have set up 802.1x. I will test it tomorrow. SO i can excepted that
computer will be authenticated with 802.1x. So computer get in to private
network, but it does not authenticate to domain. But that is security birch.
Problem is that I use v1 computer template, and I don’t now, how to make
automotive request, with option, do not export private can, or make it
exportable….


"Alun Jones" wrote:

"Mr.B" <MrB@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C70A8D7E-E75E-45ED-834B-D8ADB05521CE@xxxxxxxxxxxxxxxx
> By default, if i set up auto enrollment for computer certificate, i can
> from
> computer export private key.
> What would happened, if i import these key to different computer.
> If I use different computer and i tried to authenticate, to IAS, would > it
> exempted as valid ?

Cryptography assumes that if you have the private key, you are the
individual or computer identified as associated with that key.

However, the recipient of a signed key exchange (in this case, IAS) might
note that your computer is trying to authenticate as a computer name other
than that with which it passed NTLM authentication. In such a case, it would
almost certainly fail the authentication.

Alun.
~~~~

.

---

• Follow-Ups:
  • Re: Computer Certificate Private Key
    • From: Mr.B

• References:
  • Re: Computer Certificate Private Key
    • From: Alun Jones
  • Re: Computer Certificate Private Key
    • From: Mr.B

• Prev by Date: Re: Computer Certificate Private Key
• Next by Date: Re: Your user profile was not loaded correctly using Vista Business
• Previous by thread: Re: Computer Certificate Private Key
• Next by thread: Re: Computer Certificate Private Key
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Computer Certificate Private Key ... Only v2 certificate templates give you the control that you desire. ... I have auto enrollment for computer template. ... It is not a security breach if *you* decide to put the private key on the ... >>> If I use different computer and i tried to authenticate, to IAS, ... (microsoft.public.security) Re: Computer Certificate Private Key ... I have auto enrollment for computer template. ... It is not a security breach if *you* decide to put the private key on the ... If I use different computer and i tried to authenticate, to IAS, would ... However, the recipient of a signed key exchange (in this case, IAS) might ... (microsoft.public.security) Re: X509 certificates with ssh ... The keytool utility does not allow you to ... extract the private key from it's Java Key Store file. ... >> can authenticate to an account I have on another system. ... I did not find a canonical way to extract a public key ... (comp.security.ssh) Encrypting name and password ... I'm build a windows application where I pass the user id and password to WS ... information using the private key to authenticate the user. ... Prev by Date: ... (microsoft.public.dotnet.framework.webservices.enhancements) Re: Computer Certificate Private Key ... If I use different computer and i tried to authenticate, to IAS, would it ... Cryptography assumes that if you have the private key, ... almost certainly fail the authentication. ... (microsoft.public.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(15)