Re: no option to export Certificate private key

From: Avi Ben-Menahem [MSFT] (avibm_at_Microsoft.com)
Date: 09/01/04 

Date: Tue, 31 Aug 2004 16:08:02 -0700

Few clarification questions:
1. How are you doing the enrollment?
2. What template are you using?

"seeker01" <seeker01@discussions.microsoft.com> wrote in message
news:2B7AE050-0917-4779-8876-42F8CF4AFA33@microsoft.com...
> Hi,
>
> I am new learning how to setup MS Certificate for Cisco VPN client. The MS
> Certificate runs on Windows 2000 AD with 1 way trust with NT 4 domain.
> Cisco
> VPN client is authenticated agains Cisco Radius Server which looks up the
> external database from NT 4 domain.
>
> VPN clients are able to request for a new certiicate from MS Certificate
> server & logon successfully. BUT, what disappoints me is the generated
> certificate from user's machine is not transferrable to another PC. My
> preference is to prevent users to create their own certificate. I wish all
> certificates to be created & controlled by the administrator. I can export
> the certificate but I am unable to export the user's private key. I guess
> that's the reason why the certificate is not transferrable between
> machines.
> Am I right? But what's wrong with my configuration - why the option of
> exporting the private key is not enabled?
>
> Thanks heaps to whoever that can guide me from here.
>
> Cheerrs.
> Seekr01
>
>

Relevant Pages

  • Generate/Export PKCS #12 certificate from Win2k3 CA
    ... I am using a 3rd party VPN client which requires a PKCS #12 certificate ... certificate on our Win2k3 CA using the User Certificate Template, ... 'Mark keys as exportable' and enabled strong private key protection. ... The format required for the VPN client (from what I've been ...
    (microsoft.public.windows.server.general)
  • Generate/Export PKCS #12 certificate from Win2k3 CA
    ... I am using a 3rd party VPN client which requires a PKCS #12 certificate ... certificate on our Win2k3 CA using the User Certificate Template, ... 'Mark keys as exportable' and enabled strong private key protection. ... The format required for the VPN client (from what I've been ...
    (microsoft.public.windows.server.security)
  • Re: IAS / RRAS
    ... Yes you need a computer certificate on both the VPN and/or IAS server and ... the VPN client computer for lt2p. ... >> You do not have to use IAS. ... >> server. ...
    (microsoft.public.windows.server.networking)
  • Re: Exportable computer certificate
    ... The problem is that you need the Windows Server Enterprise Edition in order ... You can still request a certificate via Web Enrollment even if the computer ... can make a request for an offline ipsec certificate via an advanced ... The ipsec certificate will work fine on the VPN client though the VPN ...
    (microsoft.public.windows.server.security)
  • no option to export Certificate private key
    ... I am new learning how to setup MS Certificate for Cisco VPN client. ... Certificate runs on Windows 2000 AD with 1 way trust with NT 4 domain. ... the certificate but I am unable to export the user's private key. ...
    (microsoft.public.win2000.security)