Re: EFS

From: Herb Martin (news_at_LearnQuick.com)
Date: 06/08/05


Date: Wed, 8 Jun 2005 09:55:18 -0500

Keys can be marked as either exportable OR NOT, when
the certificate is created. It is part of the Certificate Policy
whether to allow the choice usually.

-- 
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
"Roland Hübner" <RolandHbner@discussions.microsoft.com> wrote in message
news:86145DEF-A4A9-4498-BDA0-4BC1D32650E8@microsoft.com...
> Hello,
> I have installed an "Enterprise root CA" on my Windows 2000 Server.
> I open the MMC on a workstation with the Certificate Snap-In. I select
> "Certificate Manager", then "Active Directory User Object". Now my EFS
> certificate appears.
> If I want to export this certificate, I cannot select the private key.
> Under "Certificate Manager", "Personal" there isn't a certificate. I can
> create my own EFS certificate under "Personal": I open Internet Explorer
> and the address of my root CA, for example http://servername/certsrv. I
> create an EFS certificate with a private key that I can export. Problem: if
> I create a file on the server and encrypt this file, then the file is
> encrypted with the certificate under "Active Directory User Object".
> Why? Can I configure the CA so that it takes my own certificate?
> Or can I, as administrator, create a certificate with an exportable private
> key that is available in the domain? Or must I delete the EFS template?
> Thank you!
>
> "Roland Hübner" wrote:
>
> > Hello,
> > I have a Windows 2000 Server with Active Directory and 10 clients. Now I
> > want to encrypt data on the server. I have installed a CA on a Windows
> > 2000 Server. A user on a workstation can encrypt a file; this is OK. The
> > user gets the certificate allocated.
> > So that the system is very safe, the user wants to save the private key
> > on a disk.
> > But I cannot export the private key. This function cannot be selected.
> > What can I do to export the private key?

