Re: Install certificate in personnal store
From: Michel Gallant \(MVP\) (neutron_at_istar.ca)
Date: 05/28/03
- Next message: Matjaz Ladava: "Re: allow non admin to logon to dc"
- Previous message: Craig Richardson: "Lockouts"
- In reply to: Cranky: "Install certificate in personnal store"
- Next in thread: Cranky: "Re: Install certificate in personnal store"
- Reply: Cranky: "Re: Install certificate in personnal store"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 28 May 2003 10:13:28 -0400
The certificates as viewed from IE certs panel does some filtering
on what certs are visible.
For example, i believe if you import into the MY (Personal) cert store,
the certificate will only be visible if you have the associated private
key on your system (that is really what the MY store is intended for).
If you import certs without a private key, it is best to put them into
the AddressBook ("Other") store if they are user certs (not root CA certs).
The fact that IE certs views DOES filter certificates shown does not
seem to be well documented anywhere.
You can view ALL certs and ALL system certificate stores using
the Certificates Console snapin (Win2000+).
- Michel Gallant
MVP Security
"Cranky" <crankykong21@hotmail.com> wrote in message
news:3ed4a46c$0$11123$ba620e4c@reader0.news.skynet.be...
> Hello,
> I use the enrollment station to request a certificate (for smartcard logon).
> I choose the template SmarcardUser so I can also use my certificate to sign
> email with Outlook.
>
> After the enrollment, I have a RSA key pair and the certificate on my smart
> card.
> With PKCS #11 I can read the value of the certificate object and then create
> a *.cer file with this value.
>
> So I have exported my certificate from the smart card to a *.cer
>
> Now, I would like to install this certificate (*.cer) in the personnal store
> of my computer.
> So I double click on the *.cer -> Install Certificate.
> In the wizard to install the certificate, if the wizard choose automatically
> the store, the certificate is placed in the store intermediaray authority
> and not in the personnal store. (I can see that with IE).
>
> If I choose myself the store, when I choose "Personnal store" and then I
> press Finish to install the certificate.
>
> Then I have a message that say me that the importation was successfull but
> when I use IE to see the list of certificate in the personnal store, I can
> not see the certificate that I just come to install.
>
> And another problem but I think they are linked, when I double click on the
> *cer file, normally if I have the private key corresponding to the
> certificate, I think I must have a message "You have a private key
> corresponding to the certificate".
> But here I don't have this message.
>
> And then when I try to use this certificate in Outlook to sign a message, I
> have an error when the message is sended ... "An error has occured"
>
> So why isn't my certificate installed in the personnal store ?
>
> Thanks a lot for your help
>
>
- Next message: Matjaz Ladava: "Re: allow non admin to logon to dc"
- Previous message: Craig Richardson: "Lockouts"
- In reply to: Cranky: "Install certificate in personnal store"
- Next in thread: Cranky: "Re: Install certificate in personnal store"
- Reply: Cranky: "Re: Install certificate in personnal store"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
