Re: Certificate Stores

From: David Cross [MS] (dcross@online.microsoft.com)
Date: 09/02/02


From: "David Cross [MS]" <dcross@online.microsoft.com>
Date: Mon, 2 Sep 2002 07:33:51 -0700


The general rule is that if you import a private key with the cert (for
example, a PFX file), it will go into the user personal store known as the
"MY" store.

If there is no private key, and the cert is self signed, but it is not a
root CA cert, it will likely go into the trusted people store.

If there is no private key, and the cert is not self signed, it will likely
go into the intermediate store.

If there is no private key, and the cert is self signed, and it is a root CA
cert, it will likely go into the trusted root store.

These are the current rules for XP.

--
David B. Cross [MS]
--
This posting is provided "AS IS" with no warranties, and confers no rights.
http://support.microsoft.com

"mawatte" <mawatte@yahoo.com> wrote in message
news:10f7601c251e2$3f127c30$39ef2ecf@TKMSFTNGXA08...
> What are the rules used to determine where the certificate
> is stored, for instance, one can assume that if the issuer
> and the subject are the same, it would be stored in the
> root store since it would be self signed. What are the
> rules that are used by MS to determine where intermediate,
> personal, other certs are stored.
>
> What happens when certs are issued that are meant for
> email, but because there is something different about the
> cert, MS may put it in the intermediate store when it
> really should be placed in the personal store.
>
> Can you supply what rules are currently used?
>
> mawatte
>
>
>
> >-----Original Message-----
> >The rules are sometimes difficult to get always right or articulate.  What
> >would you like to know?
> >
> >--
> >
> >
> >David B. Cross [MS]
> >
> >--
> >This posting is provided "AS IS" with no warranties, and confers no rights.
> >
> >http://support.microsoft.com
> >
> >"mawatte" <mawatte@yahoo.com> wrote in message
> >news:cbd201c25148$2bedb8d0$9ae62ecf@tkmsftngxa02...
> >> What are the rules for storing certs in the various cert
> >> stores, via IE, etc.  e.g. Root, Intermediate, Personal.
> >>
> >> If I import a cert and allow IE to automatically install
> >> the cert, it may put it in the intermediate when it's
> >> supposed to be a personal cert.
> >>
> >> thanks
> >>
> >
> >
> >.
> >

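The four placement rules from the reply above, written out as an added PowerShell example; it is not part of the original thread and is not Windows' own import logic. It assumes PowerShell 7 (or Windows PowerShell 5.1 with .NET Framework 4.7.2 or later), uses the system store names `My`, `CA`, `Root` and `TrustedPeople`, and the function names and sample certificates are constructed here for illustration.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Added example: models the rules stated in the post; this is not Windows' import code.
function Get-PredictedStore {
    param([Parameter(Mandatory)][X509Certificate2]$Cert)
    # Rule 1: private key imported with the cert (e.g. a PFX) -> personal store
    if ($Cert.HasPrivateKey) { return 'My' }
    # Assumption: "self signed" is approximated by subject == issuer (signature not checked)
    if ($Cert.SubjectName.Name -cne $Cert.IssuerName.Name) { return 'CA' }  # intermediate
    # Assumption: "root CA cert" means Basic Constraints (2.5.29.19) with CA = TRUE
    $bc = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.19' }
    if ($bc -and $bc.CertificateAuthority) { return 'Root' }
    return 'TrustedPeople'
}

# Constructed sample certificates, built in memory only; nothing is written to a store.
function New-SampleRequest([string]$Subject, [bool]$IsCA) {
    $req = [CertificateRequest]::new($Subject, [RSA]::Create(2048),
               [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
    $req.CertificateExtensions.Add([X509BasicConstraintsExtension]::new($IsCA, $false, 0, $true))
    $req
}

$from = [DateTimeOffset]::UtcNow
$to   = $from.AddDays(1)
$rootKeyed = (New-SampleRequest 'CN=Constructed Root CA' $true).CreateSelfSigned($from, $to)
$peerKeyed = (New-SampleRequest 'CN=Constructed Peer' $false).CreateSelfSigned($from, $to)
# Leaf signed by the constructed root; Create() returns a cert without a private key
$leaf = (New-SampleRequest 'CN=Constructed Leaf' $false).Create($rootKeyed, $from, $to, [byte[]](1,2,3,4))

$samples = [ordered]@{
    'key imported with cert (PFX-style)' = $peerKeyed
    'no key, self-signed, not a root CA' = [X509Certificate2]::new($peerKeyed.RawData)
    'no key, not self-signed'            = $leaf
    'no key, self-signed root CA'        = [X509Certificate2]::new($rootKeyed.RawData)
}
foreach ($s in $samples.GetEnumerator()) {
    '{0,-36} -> {1}' -f $s.Key, (Get-PredictedStore $s.Value)
}
```

For a certificate file on disk, pass the object returned by `Get-PfxCertificate -FilePath` to `Get-PredictedStore`; comparing the prediction with the store the import wizard actually chose shows where a certificate such as the e-mail cert in the question falls under the "not self-signed, no private key" rule.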
