Re: no option to export Certificate private key
From: seeker01 (seeker01_at_discussions.microsoft.com)
Date: 08/31/04
- Previous message: Steven L Umbach: "Re: no option to export Certificate private key"
- In reply to: Steven L Umbach: "Re: no option to export Certificate private key"
Date: Mon, 30 Aug 2004 22:35:07 -0700
Steve, Thanks very much for your assistance. If we cannot export the private
key, does it mean the machine needs to request a new certificate if one day
it crashes and hence needs to be rebuilt? I always treat the export function as some
sort of "backup/restore" purpose too - as I have seen many online documents
about exporting keys.
Rgds,
Seeker01
"Steven L Umbach" wrote:
> You would not want to export the certificates/private keys anyhow - they are issued
> to computer names as shown on the certificate. You can control what computers get
> certificates by enabling auto enroll at the OU level where you put the computers you
> want to receive a machine certificate, even temporarily and you can also control what
> computers receive certificates by configuring security on the certificate template in
> AD Sites and Services where you have to select view/show services node first. Then
> for example go to the machine template and view properties/security where you will
> see that domain computers have the enroll permission. You could add domain computers
> to a global group that you want to receive that certificate and replace domain
> computers with your global group for enroll permissions. -- Steve
>
>
> "seeker01" <seeker01@discussions.microsoft.com> wrote in message
> news:2B7AE050-0917-4779-8876-42F8CF4AFA33@microsoft.com...
> > Hi,
> >
> > I am new to learning how to set up MS Certificate for Cisco VPN client. The MS
> > Certificate runs on Windows 2000 AD with 1 way trust with NT 4 domain. Cisco
> > VPN client is authenticated against Cisco Radius Server which looks up the
> > external database from NT 4 domain.
> >
> > VPN clients are able to request a new certificate from MS Certificate
> > server & logon successfully. BUT, what disappoints me is the generated
> > certificate from user's machine is not transferable to another PC. My
> > preference is to prevent users from creating their own certificate. I wish all
> > certificates to be created & controlled by the administrator. I can export
> > the certificate but I am unable to export the user's private key. I guess
> > that's the reason why the certificate is not transferable between machines.
> > Am I right? But what's wrong with my configuration - why the option of
> > exporting the private key is not enabled?
> >
> > Thanks heaps to whoever that can guide me from here.
> >
> > Cheers.
> > Seeker01
> >
> >
>
>
>