Re: Problem with CA

From: Niro (niro_at_OPTONLINE.NET)
Date: 04/21/04


Date: 21 Apr 2004 15:42:14 -0500

Also...in AD, the "trust computer for delegation" option is enabled on
the file server.

-Mike

On 21 Apr 2004 15:32:16 -0500, Niro <niro@OPTONLINE.NET> wrote:

>I've recently installed a CA in our Windows 2003 domain and I'm having
>a few problems with EFS certificates.
>
>This is a Windows 2003 domain using local profiles (not roaming).
>
>I requested a certificate from the CA from my workstation and
>installed it. So now I have a certificate on my PC (call it PC A)
>under my profile (call it USER A) with a private key...thumbprint
>starts with 1E8F, this is verified with efsinfo /Y which displays the
>right thumbprint...and encrypting files on PC A works properly...the
>file gets the right certificate thumbprint (verified with efsinfo /C).
>
>Now, I export the certificate on PC A to a file with the private key
>and log in to the file server (PC B) as USER A. I then import the
>certificate with the private key, and the PC now has the proper
>certificate, using efsinfo /Y to verify that the certificate
>thumbprint is the 1E8F certificate.
>
>Now PC A and PC B have USER A's local profiles with the certificate
>including the private key.
>
>The problem I'm having is when I'm logged in to PC A, I encrypt a file
>on a shared folder in PC B...but the certificate thumbprint on that
>file is something completely different (starts with 68ED for example).
>I have no idea where it's getting this thumbprint, I checked the
>certificates on both PC A and PC B and can't find a certificate
>matching that thumbprint. Also...when logged in to PC B (after
>encrypting the file from PC A) I can't access that file.
>
>If I encrypt a file on PC B from PC B...I can access it fine from PC B
>but not from PC A...and the file thumbprint when encrypting from PC B
>is the right thumbprint...1E8F.
>
>So what am I doing wrong??
>
>Thanks,
>Mike


