Re: Active Directory User Object certificate store to personal certificate store
From: S. Pidgorny
Date: Sun, 27 Feb 2005 13:07:26 +1100
Password protects a private key, not the certificate.
Active Directory doesn't store private keys. The main goal of certificate
publishing in AD is to make the public key available to all other AD clients -
that facilitates S/MIME encryption without peer key exchange, for example.
When you're trying to utilise AD for private key storage, you're looking in
the wrong direction.
However, the keys and certificates are stored in the user profile - you can
have roaming profiles that will follow the users.
I recommend you to look into smart cards instead of "soft" certificates for
--
Svyatoslav Pidgorny, MVP, MCSE
-= F1 is the key =-

"Rob McShinsky" <List@mcshinsky.com> wrote in message news:euu0La2GFHA.3196@TK2MSFTNGP15.phx.gbl...
> Is there a way to move AD published certs from the Active Directory User
> Object cert store to the Personal cert store so that these will follow a
> user around from computer to computer so they can be utilized by
> applications. At the current time we are not looking at autoenrolling
> certificates because we want to have users create High Security certificates
> that will require a password before the cert is used for client
> authentication. I can see the certs in the AD User Object cert store for
> the user logged in but they are not accessible from IE, at least with my
> current knowledge. This is where our current PKI test application is. Is
> there a GPO setting that will make these accessible within the Personal
> store? Is there a way to have an application directly reference the AD User
> Object cert store? Is there another programmatic/scripting way to utilize
> these certs? Thanks for your guidance on this subject.
>
> Rob McShinsky
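The point of the reply above, shown in code as an added example (not part of the thread and not written by either poster): the certificates AD publishes in the user's `userCertificate` attribute are public-key only, so pulling them down lands them in a peer-key store (Other People / AddressBook), not a usable Personal-store identity, and only a Personal-store entry whose private key is actually present on the machine (locally or via the roaming profile) can be used for client authentication. The script assumes the ActiveDirectory PowerShell module (RSAT) is installed, PowerShell 5 or later, and read access to the user object; the `-SamAccountName` parameter is a hypothetical input name.

```powershell
# Added example, not code from the original thread.
# Assumes: ActiveDirectory module (RSAT), PowerShell 5+, read access to the user object.
param(
    [Parameter(Mandatory)] [string] $SamAccountName   # hypothetical input
)

Import-Module ActiveDirectory

# userCertificate is a multi-valued attribute of DER-encoded X.509 certificates
# published for the user (by a CA on enrollment, or manually). It never carries
# a private key: AD only distributes public keys.
$user = Get-ADUser -Identity $SamAccountName -Properties userCertificate
if (-not $user.userCertificate) {
    Write-Warning "No certificates published in AD for $SamAccountName"
    return
}

$published = foreach ($der in $user.userCertificate) {
    [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$der)
}

# What AD handed back: HasPrivateKey is False for every entry.
$published | Select-Object Subject, Thumbprint, NotAfter, HasPrivateKey | Format-Table -AutoSize

# These belong where clients look for *other people's* public keys, e.g. for
# S/MIME encryption: the CurrentUser AddressBook ("Other People") store.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store 'AddressBook', 'CurrentUser'
$store.Open('ReadWrite')
foreach ($cert in $published) {
    if (-not $store.Certificates.Contains($cert)) { $store.Add($cert) }
}
$store.Close()

# Contrast with the Personal store (Cert:\CurrentUser\My). The same certificate
# is only usable for client authentication here when the matching private key
# exists on this machine, which is what HasPrivateKey reports.
Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $published.Thumbprint -contains $_.Thumbprint } |
    Select-Object Subject, Thumbprint, HasPrivateKey

# Where those private keys actually live: per-user key containers under the
# profile, which is why a roaming profile makes them follow the user.
foreach ($dir in @("$env:APPDATA\Microsoft\Crypto\RSA", "$env:APPDATA\Microsoft\Crypto\Keys")) {
    if (Test-Path $dir) {
        "{0}: {1} key container file(s)" -f $dir, (Get-ChildItem $dir -Recurse -File).Count
    }
}
```

If the Personal-store query returns the certificate with `HasPrivateKey` equal to False, IE (or any other client) will list it but cannot use it to authenticate; no GPO setting changes that, because the missing piece is the key, not the certificate.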