Click here to get back home

where is client certificate on server usually installed?
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
where is client certificate on server usually installed? pg.gupta 08-28-2006
Posted by pg.gupta on August 28, 2006, 8:28 am
Please log in for more thread options
 Hello,

I need to write a service and a configuration program for windows 2000
and windows 2003 servers that can use a digital certificate for client
authentication (for https transactions). In desktop environment, I
would expect the end-user to have installed the client certificate in
the personal store (or user's My certificate store).

In which certificate store do the server administrators typically
install the client certificates? Is it in the Administrator account's
personal certificate store? Would an import functionality to install
the certificate in the machine's personal store be useful?

Can anybody please comment.

Regards.


Posted by Joe Kaplan on August 28, 2006, 5:20 pm
Please log in for more thread options
 Typically, I've seen it installed in the machine store, or the store for the
service account. I think the store for the service account is prefered.

Make sure the process account has permissions on the private key files.
That's where most of the chaos usually comes from when this stuff doesn't
work.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
> Hello,
>
> I need to write a service and a configuration program for windows 2000
> and windows 2003 servers that can use a digital certificate for client
> authentication (for https transactions). In desktop environment, I
> would expect the end-user to have installed the client certificate in
> the personal store (or user's My certificate store).
>
> In which certificate store do the server administrators typically
> install the client certificates? Is it in the Administrator account's
> personal certificate store? Would an import functionality to install
> the certificate in the machine's personal store be useful?
>
> Can anybody please comment.
>
> Regards.
>



Posted by Brian Komar [MVP] on August 28, 2006, 8:15 pm
Please log in for more thread options
pg.gupta@gmail.com says...
> Hello,
>
> I need to write a service and a configuration program for windows 2000
> and windows 2003 servers that can use a digital certificate for client
> authentication (for https transactions). In desktop environment, I
> would expect the end-user to have installed the client certificate in
> the personal store (or user's My certificate store).
>
> In which certificate store do the server administrators typically
> install the client certificates? Is it in the Administrator account's
> personal certificate store? Would an import functionality to install
> the certificate in the machine's personal store be useful?
>
> Can anybody please comment.
>
> Regards.
>
>
It all depends on how you implement the service. I have seen
certificates installed both a machine account certificates (requiring a
local administrator to install the service to allow access) or
implemented with a specific service account and the certificate
installed in the profile of the service account.

As stated in another response, wherever you place the certificate and
private key, an account will reqire access to the key material

Brian

Similar ThreadsPosted
Send Client Certificate February 18, 2008, 10:54 am
Need a HOW TO create a client certificate for partner access August 17, 2005, 4:12 pm
Root certificate authority no longer added to client machines July 14, 2006, 4:05 pm
Newly installed PKI - 2 errors June 14, 2005, 7:22 am
Client to Server Authentication April 5, 2006, 3:57 pm
Need a tool for command line showing installed patches July 10, 2006, 5:09 am
terminal server client question September 9, 2005, 5:52 pm
HELP! Error /w Wireless Client Connecting to Win2003 Server /w IAS, CA November 12, 2005, 4:31 pm
How are derived the crypto keys used in SMB client and server Sign November 27, 2005, 3:41 pm
Issuing of server/client authentication certs from an Ent. CA running on W2k3 Standard Edition May 14, 2007, 2:43 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap