Public keys encryption [ urgent ]

[Guest]

i am using win2k sever and win2k
i want to encryt using public keys
[ sender :send the msg using public key[ get from receiver ] to encrypt the msg and receiver using prvate keys to decrypt the msg

i have created a certificate from the CA .
And use IPsec policies on local machine to do the senting [ i had done the preshare keys before]

the main problems is that how to transfer the certificate [ import and export]from win2k server to win2k<<< i have try it but abit confuse

I only left the most important part to set up the link btw win 2k server and win2k

i had try to configure and ping >> but it cant detect
preshare keys >> ping can detect

i have read up many thing on the public keys
i dont want extra software like PGP , EFS <<< i want the channel to be fully encryt

Pls help if u done this before ,thanks in advance
The best is to have the guide<<< i read up but all didnt mention the last part

 

[Steven L Umbach]

See the links below on issuing certificates to computers in Windows 2000. In a domain
using an Enterprise CA you can request certificates through the mmc certificate
snapin, via auto enrollment [computer certificates only], or Web Enrollment. If you
are not in a domain, then you also need to import the Certificate Authority
certificate via a .cer file into the computer store of computers than need to trust
certificates from it. A .cer file does not include the private key, so if you need to
export/import the private key also into another computer you need to use the .pfx
file which will ask for a password to protect the private key before it will export
it to a file. For a non domain environment, you can use Web Enrollment to
request/obtain certificates from a CA. --- Steve

http://www.microsoft.com/windows2000/techinfo/planning/security/advcertsteps.asp
http://www.microsoft.com/WINDOWS2000/techinfo/planning/security/autocertsteps.asp
http://support.microsoft.com/default.aspx?scid=kb;en-us;253498

i am using win2k sever and win2k
i want to encryt using public keys
[ sender :send the msg using public key[ get from receiver ] to encrypt the msg

and receiver using prvate keys to decrypt the msg

i have created a certificate from the CA .
And use IPsec policies on local machine to do the senting [ i had done the preshare keys before]

the main problems is that how to transfer the certificate [ import and export]from

win2k server to win2k<<< i have try it but abit confuse

 

[Guest]

See the links below on issuing certificates to computers in Windows 2000. In a domain
using an Enterprise CA you can request certificates through the mmc certificate
snapin, via auto enrollment [computer certificates only], or Web Enrollment. If you
are not in a domain, then you also need to import the Certificate Authority
certificate via a .cer file into the computer store of computers than need to trust
certificates from it. A .cer file does not include the private key, so if you need to
export/import the private key also into another computer you need to use the .pfx
file which will ask for a password to protect the private key before it will export
it to a file. For a non domain environment, you can use Web Enrollment to
request/obtain certificates from a CA. --- Steve

http://www.microsoft.com/windows2000/techinfo/planning/security/advcertsteps.asp
http://www.microsoft.com/WINDOWS2000/techinfo/planning/security/autocertsteps.asp
http://support.microsoft.com/default.aspx?scid=kb;en-us;253498

if install the certificate on each side that is win 2k server and win 2k
and configure it same technique as preshare keys

under IIS

how to find out that both win 2k server n win 2k
channel are fully encrypt

i have ping on both side and ipsecmon on it but give negotiate feedback.

i want find out what is exact happen on it.

i get the win2k certificate from CA[ obtain from win 2k server ]
and export out than transfer the cert to win 2k and install it

suspect :

1)certificate not same on both side
2)configure problem

 

[Steven L Umbach]

I prefer requesting/issuing the certificates directly to each computer via mmc or Web
Enrollment. If you want to make sure that ipsec is working set each side to have a
require policy. If the connection fails, you know it is not configured right. ---
Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;257225

See the links below on issuing certificates to computers in Windows 2000. In a domain
using an Enterprise CA you can request certificates through the mmc certificate
snapin, via auto enrollment [computer certificates only], or Web Enrollment. If you
are not in a domain, then you also need to import the Certificate Authority
certificate via a .cer file into the computer store of computers than need to trust
certificates from it. A .cer file does not include the private key, so if you need to
export/import the private key also into another computer you need to use the .pfx
file which will ask for a password to protect the private key before it will export
it to a file. For a non domain environment, you can use Web Enrollment to
request/obtain certificates from a CA. --- Steve

http://www.microsoft.com/windows2000/techinfo/planning/security/advcertsteps.asp
http://www.microsoft.com/WINDOWS2000/techinfo/planning/security/autocertsteps.asp
http://support.microsoft.com/default.aspx?scid=kb;en-us;253498

if install the certificate on each side that is win 2k server and win 2k
and configure it same technique as preshare keys

under IIS

how to find out that both win 2k server n win 2k
channel are fully encrypt

i have ping on both side and ipsecmon on it but give negotiate feedback.

i want find out what is exact happen on it.

i get the win2k certificate from CA[ obtain from win 2k server ]
and export out than transfer the cert to win 2k and install it

suspect :

1)certificate not same on both side
2)configure problem

 

[Guest]

i am using mms to access the certificate and the ipsec policy management.

i found that the microsoft website seem dont have complete guide.
[ except preshare keys guide]

i have set the configure perhaps might miss one or two setting that is why i need to have a guide for ref.

i notice that the preshare keys setting are slightly same that is why not easy to spot the setting.

In the article althought has alot public keys information but is not a clear guide.

 

[Steven L Umbach]

Here is a good guide at the link below from the Windows 2003 Deployment Kit. It is
for Windows 2003, but from what I can tell it all applies to Windows 2000 also. ---
Steve

http://www.microsoft.com/resources/.../all/deployguide/en-us/DNSBJ_IPS_OVERVIEW.asp
http://tinyurl.com/2v8na --- same link shorter. --- read "Designing an ipsec
policy"
http://www.microsoft.com/windows2000/techinfo/planning/security/ipsecsteps.asp --- this
is good also, but basic.

 

[Guest]

ok thansk alot ,i go n take a look

actually i found a good guide anyway but not fully perfect
about ipsec


i wonder why this website gone that create certrificate from the website of microsoft >>> http://sectestcal.rte.microsoft.com

not the CA web site

my basic spect is to create a link from client pc to server pc
using certifcate on the ipsec, instead of preshare keys
this help create a basic encryption for better understanding .

but the note that i have either that pc setting don t have or is explain different story oon it totally not relate

i wasted at least two to solve this problem