Importing Personal Certificates


Cheryl Fischer

PROBLEM: Cannot import digital certificates while logged
in as anyone other than ADMINISTRATOR - even if the user
has ADMINISTRATOR rights.

How can I get around this? I need to have my individual
users be able to import the certificates so they can send
and receive encrypted mail messages.

If I import the certificates for them as ADMINISTRATOR,
then when they log into the machine as themselves, the
certificates don't show up.

I have already copied the ADMINISTRATOR profile to ALL
USERS and shared the profile to EVERYONE.

Thanks in advance,
Cheryl
 
I have never tried it the way you are doing it. One thing that may help is to copy
the .pfx file that contains the user's private key and certificate to their computer.
The .pfx file will need to be password protected. Then after they log on, have them
open the .pfx file, which should import it into their user's store.

Otherwise, if you are using an Enterprise CA for W2K, users can request a certificate
through the MMC certificate snap-in for users by going to their personal folder,
right-clicking and selecting Request Certificate. If it is not an Enterprise CA in an
Active Directory domain, they can still use Web Enrollment to request, retrieve, and
install certificates. The link below explains more on that. --- Steve

http://www.microsoft.com/windows2000/techinfo/planning/security/cawebsteps.asp
 
Thanks for your response.

Actually, my CA is on a Novell Netware 6 server and we use
EDirectory, not ActiveDirectory.

I have copied the .pfx file to the pc - it is exported via
Novell CertConsole. The problems are arising when trying
to import them on the Win2K machines. On the Win98
machines they slide right in, but not on the Win2K ones.

Is there any documentation that you know of pertaining to
importing digital certificates on Windows2K? I read the
post you sent the link to, however it requires the CA to
be on a Microsoft server and having ActiveDirectory
running.

Thanks again,
Cheryl
-----Original Message-----
I have never tried it the way you are doing it. One thing that may help is to copy
the .pfx file that contains the user's private key and certificate to their computer.
The .pfx file will need to be password protected. Then after they log on, have them
open the .pfx file, which should import it into their user's store.

Otherwise, if you are using an Enterprise CA for W2K,
users can request a certificate
 
In the microsoft.public.win2000.security news group, Cheryl Fischer wrote:
Actually, my CA is on a Novell Netware 6 server and we use
EDirectory, not ActiveDirectory.

I have copied the .pfx file to the pc - it is exported via
Novell CertConsole. The problems are arising when trying
to import them on the Win2K machines.

You should really be asking this question in a Novell forum then.
 
Hi Cheryl.

I was not aware you were using a Novell CA, with which I have zero experience. You
might want to post in a Novell newsgroup or try searching http://www.google.com web
and groups for "Novell certificates Windows 2000". --- Steve
 
Thanks - I have posted in Novell also, however since the
certificates are being created successfully, and are
importable, I don't think it's the Novell stuff that's
failing. It appears as if it's the "wonderful" Windows
O/S that is causing the problems.

If I can import the certificate logged in as
administrator - then I would assume that the certificate
is valid. If I can import the certificate on Windows 98
and not on Windows 2K, then again, I'm thinking that it
points to the Win2k O/S, not the certificate.

I'll keep looking.

Cheryl
 
In the microsoft.public.win2000.security news group, Cheryl Fischer wrote:
If I can import the certificate logged in as
administrator - then I would assume that the certificate
is valid. If I can import the certificate on Windows 98
and not on Windows 2K, then again, I'm thinking that it
points to the Win2k O/S, not the certificate.

You might want to provide some more information here, such as patch
level of the Windows 2000 computers, and any error messages, event log
entries, etc. Kind of hard to troubleshoot with just "it doesn't work"
type posts.
 