Solved

msoft certification authority

Posted on 2004-08-16
5
245 Views
Last Modified: 2010-04-11
We are using EAP-TLS for our wireless network. And were wondering, when a user makes a request for a certificate to authenticate they have the option to mark their private keys as exportable (We're using the mSOFT certification authority). This means they can move that certificate to another machine if they want. We want to stop this from being able to happen. When they make the request, I am the one that has to issue the certificate, but from what I can see in the MCA there is no way to see if they had that option checked. Does anyone know if it's possible and/or how to disable that ability? or do we have to switch to a different certification authority that supports it?
0
Comment
Question by:SeanChapman
  • 2
  • 2
5 Comments
 
LVL 1

Expert Comment

by:mgrass
ID: 11823677
I've wondered how to do this before as well.  I've posted a question on a managed MSDN newsgroup and I'll shoot you any responses I get.

Mike
0
 
LVL 1

Author Comment

by:SeanChapman
ID: 11823751
so far I've been told that I can modify the certificate template to disallow the requester from being able to mark the keys exportable. But I'm using a windows 2000 server right now and can't find how to do it. I might be switching to a 2003 server soon, so I'm hoping its easier then.
0
 
LVL 1

Expert Comment

by:mgrass
ID: 11908078
Sorry, this took a while.  This was the answer I recieved from MS:

"You need to reconfigure the certificate template so that the private key  
option "Allow private key to be exported" is not specified. When that
option is specified in the template, the subject can export the key; when
it is not specified, they cannot. See Certificate Templates Help for more
information. "

Hope that helps.
0
 
LVL 1

Author Comment

by:SeanChapman
ID: 11914034
I figured that much out, but on our windows 2000 server I havent been able to find the option or anything to modify the certificate template. The only thing I've been able to do that works, it comment out some code in the asp page that processes the submit by form option. I just commented out the part where it checks for and creates the part of the request with the keys exportable, and that seemed to work.
0
 
LVL 1

Accepted Solution

by:
mpvbrao earned 500 total points
ID: 11943278
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now