Re: Certificates on Floppy Disk?
From: Marc (Marc.VanSchandevijl_at_-removethis-ping.be)
Date: 09/02/04
Date: Thu, 2 Sep 2004 15:44:44 +0200
I've stumbled into a problem:
select "mark keys as exportable"
This option is greyed out.
What could be the reason?
Marc
"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:%23jeR5cEkEHA.2908@TK2MSFTNGP10.phx.gbl...
> If you want to place the computer certificates on a floppy or email them to the users
> follow these steps. This is assuming the use of an Enterprise CA and may differ for a
> stand alone CA. Ipsec offline template needs to be added in the Certificate Authority
> Management Console via policy settings/new - certificate to issue.
>
> -- Enable Web Enrollment on your CA and logon to it as an administrator. You can use
> the computername as in http://CAservername/certsrv.
>
> -- Select request a certificate then next, select advanced request then next, select
> submit a certificate to this CA then next.
>
> -- For certificate template select router (offline request). In identifying
> information under name type the name of the computer you are requesting for using the
> fully qualified domain name if in an AD domain as in computer1.mydomain.com. The
> rest of the information in identifying information is optional. Under key options
> select "mark keys as exportable" [ do not select export keys to a file] and select
> "use local machine store". Then select submit at the bottom of the page.
>
> -- The next page should show that the certificate you requested was issued to you and
> give you the option to install this certificate which you want to do. You may receive
> warning messages along the way, just OK those messages.
>
> -- After done requesting certificates, go to your computer certificate store by using
> mmc and selecting add snapin for certificates for computer account. Go to the
> personal/certificates folder and you should see the certificates you issued and
> installed. Right click one of those certificates and select all tasks/export. The
> export wizard will start. Select next and choose yes for export the private key and
> unselect enable strong protection as user will have to enter private key password
> every time the private key is used unless you want that feature. Select next and
> enter a password for the private key which will need to be communicated to the end
> user in order to open the .pfx file you are going to create. Then select a filename
> and browse to where you want to save it. Select finish and you should get a message
> that the export was successful.
>
> -- You can now distribute that file to the user that needs it. They will open the file
> and need to enter the password you used to protect the private key. The wizard will
> automatically install the private key/certificate. I have noticed that it may install
> in the wrong store - user instead of computer and the certificate will not work for
> L2TP. If that happens instruct the user to open their mmc snapin for computer store
> to see if the certificate is present. If it is not, they will have to go to the
> personal folder for the computer store and select import and then browse to the .pfx
> file to install it to the computer store.
>
> -- The computer will also need to have the certificate for your Certificate Authority
> in their Trusted Root CA folder in the mmc snapin for computer accounts. You can
> easily export your CA certificate [no need for private key] to a .cer file and
> distribute that to users also to import into their computer. If they open the file
> the wizard should automatically install that certificate for your CA in the right
> folder. --- Steve
>
> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> news:OK$TuxDkEHA.3664@TK2MSFTNGP12.phx.gbl...
> > You can use Web Enrollment and have user request the machine certificate that way,
> > though the user will need to be in the local administrator group and do an advanced
> > request for router offline certificate and select install to local machine store
> > [at least if using an Enterprise CA - may differ a bit for standalone CA]. If this
> > is an Enterprise CA you will first have to enable the CA to issue the offline
> > ipsec certificate. The link below may help. --- Steve
> >
> > http://www.microsoft.com/windows2000/techinfo/planning/security/cawebsteps.asp
> >
> > "Marc" <Marc.VanSchandevijl@-removethis-ping.be> wrote in message
> > news:u5FigHDkEHA.2908@TK2MSFTNGP10.phx.gbl...
> >>I want to implement L2TP with a Certificate Server on SBS 2003.
> >>
> >> Normally to distribute the certificates to the clients, these have to be
> >> connected to the network. Is there no other way? F.e. copying the
> >> certificate on a CD or Floppy, and then distributing the certificate to the
> >> client-Pc with this CD/Floppy...
> >>
> >> How can this be done?
> >>
> >> Marc
> >>
> >>
> >
> >
>
>
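
The client-side import and the store check from the quoted steps, scripted as an added example (not part of any post in this thread). It assumes a current Windows client with the PKI PowerShell module; the file paths are placeholders and the host name is the sample one used in the steps.

```powershell
#Requires -RunAsAdministrator
# Added example. File paths are placeholders; the host name is the sample from the thread.
param(
    [string]$PfxPath      = 'A:\computer1.pfx',
    [string]$CaCerPath    = 'A:\rootca.cer',
    [string]$ExpectedName = 'computer1.mydomain.com'
)

# 1. Trust the issuing CA at machine level (public certificate only, no private key).
Import-Certificate -FilePath $CaCerPath -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

# 2. Import the PFX straight into the computer's Personal store, so it cannot land in
#    the user store. Without -Exportable the key cannot be exported again from this client.
$password = Read-Host -Prompt 'PFX password' -AsSecureString
$cert = Import-PfxCertificate -FilePath $PfxPath -Password $password `
            -CertStoreLocation Cert:\LocalMachine\My |
        Where-Object { $_.HasPrivateKey } | Select-Object -First 1
if (-not $cert) { throw 'No certificate with a private key was imported into LocalMachine\My.' }

# 3. Check the failure modes the steps mention.
$problems = @()

# Subject should be the computer's fully qualified domain name.
$name = $cert.GetNameInfo('SimpleName', $false)
if ($name -ne $ExpectedName) { $problems += "subject is '$name', expected '$ExpectedName'" }

# A leftover copy in the user store usually means the .pfx was also opened by double-click.
$stray = Get-ChildItem Cert:\CurrentUser\My |
         Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
if ($stray) { $problems += 'a copy also sits in the user store (CurrentUser\My)' }

# The CA certificate must be trusted or the chain will not build.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # client is off the network, no CRL access
if (-not $chain.Build($cert)) { $problems += 'chain does not build to a trusted root' }

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}
"OK: $name ($($cert.Thumbprint)) is in LocalMachine\My with its private key."
```

Reading the password with `Read-Host -AsSecureString` keeps it out of the script and the command history; send it to the user by a different channel than the disk carrying the .pfx.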