Re: Certificate - private keys

From: Neel (
Date: 05/10/03

Date: 10 May 2003 06:58:30 -0700

  I have the following doubts :-
1> Who does the private key encryption? Is it done in the CA or client
machine? Does it get updated in the RSA folder of the client machine,
as soon as the client installs the certificate from the certificate
services web site.


"Vishal Agarwal" <> wrote in message news:<uBPZAtcFDHA.336@tk2msftngp13.phx.gbl>...
> 1. Certificate Authority never gets the private key if you havn't asked for
> archival.
> 2. Yes.
> Thanks,
> Vishal [MSFT]
> --
> This posting is provided "AS IS" with no warranties, and confers no rights
> "Parvathy" <> wrote in message
> > Hi,
> > 1> I want to know whether the certificate issuing authority will
> > retain the private keys of each client after it issues the
> > certificate?
> >
> > 2> What does the key container have? Does it contain both the public
> > keys and private keys?
> >
> > Thanx,
> > Parvathy

Relevant Pages

  • Re: Client Certificates
    ... I hope you are talking about exporting the pfx file on the CLIENT machine ... The way PKI certificate generation usually works is the following: ... - CA signs that information (i.e. encrypts the hash of that info with its own private key) ...
  • Re: LDAP and SASL
    ... Getting client certficates to work under ASP.NET is a bit of PITA because ... The private key needs to be ... What I would suggest doing would be to export the certificate and private ... >>> Dim searcherLdap As New DirectorySearcher ...
  • Re: HttpWebRequest failure with TLS
    ... My guess is that you are going to want it in the machine store as the ... account your web service client is running under will eventually change to ... private key associated with it in the cert properties dialog. ... certificate should go in the personal store. ...
  • Re: How to use certificates?
    ... I expect that server will know the client public key, ... > private key for that certificate. ...
  • RE: SSL and IPS (was RE: ssh and ids)
    ... need is the private key of one party (provided here by key escrow, ... > session key, they still won't have the next session key. ... > cryptography here, folks... ... >> key for client certs too. ...