Re: no option to export Certificate private key

From: Avi Ben-Menahem [MSFT] (avibm_at_Microsoft.com)
Date: 09/01/04

• Next message: seeker01: "Re: no option to export Certificate private key"
• Previous message: Miha Pihler: "Re: Changing Network Name"
• Maybe in reply to: Steven L Umbach: "Re: no option to export Certificate private key"
• Next in thread: seeker01: "Re: no option to export Certificate private key"
• Reply: seeker01: "Re: no option to export Certificate private key"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Tue, 31 Aug 2004 16:08:02 -0700

Few clarification questions:
1. How are you doing the enrollment?
2. What template are you using?

"seeker01" <seeker01@discussions.microsoft.com> wrote in message
news:2B7AE050-0917-4779-8876-42F8CF4AFA33@microsoft.com...
> Hi,
>
> I am new learning how to setup MS Certificate for Cisco VPN client. The MS
> Certificate runs on Windows 2000 AD with 1 way trust with NT 4 domain.
> Cisco
> VPN client is authenticated agains Cisco Radius Server which looks up the
> external database from NT 4 domain.
>
> VPN clients are able to request for a new certiicate from MS Certificate
> server & logon successfully. BUT, what disappoints me is the generated
> certificate from user's machine is not transferrable to another PC. My
> preference is to prevent users to create their own certificate. I wish all
> certificates to be created & controlled by the administrator. I can export
> the certificate but I am unable to export the user's private key. I guess
> that's the reason why the certificate is not transferrable between
> machines.
> Am I right? But what's wrong with my configuration - why the option of
> exporting the private key is not enabled?
>
> Thanks heaps to whoever that can guide me from here.
>
> Cheerrs.
> Seekr01
>
>

---

• Next message: seeker01: "Re: no option to export Certificate private key"
• Previous message: Miha Pihler: "Re: Changing Network Name"
• Maybe in reply to: Steven L Umbach: "Re: no option to export Certificate private key"
• Next in thread: seeker01: "Re: no option to export Certificate private key"
• Reply: seeker01: "Re: no option to export Certificate private key"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages RE: CSP in Microsoft VPN client ... When I renewed the root certificate, I believe I did remove the old expired ... root cert. ... did you add the NEW root cert to the VPN CLIENT? ... (microsoft.public.platformsdk.security) RE: CSP in Microsoft VPN client ... did you REMOVE the old root cert? ... did you add the NEW root cert to the VPN CLIENT? ... PPTP VPN tunnel using EAP-TLS certificate based authentication. ... new client cert for the Windows 2003 Std box but it didn't help. ... (microsoft.public.platformsdk.security) Generate/Export PKCS #12 certificate from Win2k3 CA ... I am using a 3rd party VPN client which requires a PKCS #12 certificate ... certificate on our Win2k3 CA using the User Certificate Template, ... 'Mark keys as exportable' and enabled strong private key protection. ... The format required for the VPN client (from what I've been ... (microsoft.public.windows.server.general) Generate/Export PKCS #12 certificate from Win2k3 CA ... I am using a 3rd party VPN client which requires a PKCS #12 certificate ... certificate on our Win2k3 CA using the User Certificate Template, ... 'Mark keys as exportable' and enabled strong private key protection. ... The format required for the VPN client (from what I've been ... (microsoft.public.windows.server.security) RE: CSP in Microsoft VPN client ... A CSP should definitely obey the CRYPT_SILENT flag. ... UI from the Microsoft VPN client. ... What instabilities might occur if the SILENT context ... Protocol using a user certificate. ... (microsoft.public.platformsdk.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(15)