on windows ca: mark privat key for User-Policy as exportable

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

hello !
we got one Windows 2000 CA Enterprise&Stand-Alone-Policy Module.
The User Certificate request works fine, but if i want to export the users privat key, the wizard told me, the privat key was marked as not exportable.

the kowledgebase say, that there is no privat key in my profile or on my computer, but in outlook i can en-and decrypt all my messages without any problems....... !!??!!!

where can i say that all requestet Certificates an my CA where markt: 'privat key is exportable'
Thankx for your help

Timm Westedt
 
yuo cannot set this setting in windows 2000, the defaults are hard coded.
windows server 2003 editable templates allows you to set these config values
on a per template basis:

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/deploy/confeat/ws03crtm.asp

--


David B. Cross [MS]

--
This posting is provided "AS IS" with no warranties, and confers no rights.

http://support.microsoft.com

Timm Westedt said:
hello !
we got one Windows 2000 CA Enterprise&Stand-Alone-Policy Module.
The User Certificate request works fine, but if i want to export the users
Click to expand...
privat key, the wizard told me, the privat key was marked as not exportable.
the kowledgebase say, that there is no privat key in my profile or on my
Click to expand...
computer, but in outlook i can en-and decrypt all my messages without any
problems....... !!??!!!
 
Actually, you can change this setting. If you use the
website that is created by the Certificate Authority (The
url is usualy http://yourCAserver/certsrv/) And you choose
the advanced options, you can flag the certificate's
private key to be exportable. Once that is done, when you
export your certificate you can choose to export the
private key. The export wizard will ask that you provide
a passcode so that if a person imports that certificate
they will have to provide the passcode in order to import
the private key with it.

Hope this helps!

Daniel W
-----Original Message-----
yuo cannot set this setting in windows 2000, the defaults are hard coded.
windows server 2003 editable templates allows you to set these config values
on a per template basis:

http://www.microsoft.com/technet/prodtechnol/windowsserver 2003/deploy/confeat/ws03crtm.asp

--


David B. Cross [MS]

--
This posting is provided "AS IS" with no warranties, and confers no rights.

http://support.microsoft.com

hello !
we got one Windows 2000 CA Enterprise&Stand-Alone- Policy Module.
The User Certificate request works fine, but if i want
Click to expand...
to export the users
privat key, the wizard told me, the privat key was marked as not exportable.
the kowledgebase say, that there is no privat key in my
Click to expand...
profile or on my
computer, but in outlook i can en-and decrypt all my messages without any
problems....... !!??!!!
where can i say that all requestet Certificates an my
Click to expand...
CA where markt:
'privat key is exportable'
Thankx for your help

Timm Westedt
Click to expand...


.
Click to expand...
 
Back
Top