on windows ca: mark privat key for User-Policy as exportable

View Full Version : on windows ca: mark privat key for User-Policy as exportable

=?Utf-8?B?VGltbSBXZXN0ZWR0?=

hello !
we got one Windows 2000 CA Enterprise&Stand-Alone-Policy Module.
The User Certificate request works fine, but if i want to export the users privat key, the wizard told me, the privat key was marked as not exportable.

the kowledgebase say, that there is no privat key in my profile or on my computer, but in outlook i can en-and decrypt all my messages without any problems....... !!??!!!

where can i say that all requestet Certificates an my CA where markt: 'privat key is exportable'
Thankx for your help

Timm Westedt

David Cross [MS]

yuo cannot set this setting in windows 2000, the defaults are hard coded.
windows server 2003 editable templates allows you to set these config values
on a per template basis:

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/deploy/confeat/ws03crtm.asp

--

David B. Cross [MS]

--
This posting is provided "AS IS" with no warranties, and confers no rights.

http://support.microsoft.com

"Timm Westedt" wrote in message
news:22BCCD4A-E0E9-4DAE-A5DF-14DEBE6F6A1F@microsoft.com...
> hello !
> we got one Windows 2000 CA Enterprise&Stand-Alone-Policy Module.
> The User Certificate request works fine, but if i want to export the users
privat key, the wizard told me, the privat key was marked as not exportable.
>
> the kowledgebase say, that there is no privat key in my profile or on my
computer, but in outlook i can en-and decrypt all my messages without any
problems....... !!??!!!
>
> where can i say that all requestet Certificates an my CA where markt:
'privat key is exportable'
> Thankx for your help
>
> Timm Westedt

DanielW

Actually, you can change this setting. If you use the
website that is created by the Certificate Authority (The
url is usualy http://yourCAserver/certsrv/) And you choose
the advanced options, you can flag the certificate's
private key to be exportable. Once that is done, when you
export your certificate you can choose to export the
private key. The export wizard will ask that you provide
a passcode so that if a person imports that certificate
they will have to provide the passcode in order to import
the private key with it.

Hope this helps!

Daniel W
>-----Original Message-----
>yuo cannot set this setting in windows 2000, the defaults
are hard coded.
>windows server 2003 editable templates allows you to set
these config values
>on a per template basis:
>
>http://www.microsoft.com/technet/prodtechnol/windowsserver
2003/deploy/confeat/ws03crtm.asp
>
>--
>
>
>David B. Cross [MS]
>
>--
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>
>http://support.microsoft.com
>
>"Timm Westedt"
wrote in message
>news:22BCCD4A-E0E9-4DAE-A5DF-14DEBE6F6A1F@microsoft.com...
>> hello !
>> we got one Windows 2000 CA Enterprise&Stand-Alone-
Policy Module.
>> The User Certificate request works fine, but if i want
to export the users
>privat key, the wizard told me, the privat key was marked
as not exportable.
>>
>> the kowledgebase say, that there is no privat key in my
profile or on my
>computer, but in outlook i can en-and decrypt all my
messages without any
>problems....... !!??!!!
>>
>> where can i say that all requestet Certificates an my
CA where markt:
>'privat key is exportable'
>> Thankx for your help
>>
>> Timm Westedt
>
>
>.
>