Solved

How do I create a Personal Key and save it to a user's Windows Key Store

Posted on 2011-05-04
Last Modified: 2012-05-11
Hi All,

I need to figure out how to create a Personal Key certificate and save it to a user's Windows Key Store.
I can do this using Word 2010, but I want to know if I can generate the keys for each user and then import it into their "Windows Key Store" on Windows XP and Windows 7.

Once the key is imported you would be able to see it under IE > Internet Options > Content > Certificates > Personal (tab)
Thanks
Question by:BigBadWolf_000

Expert Comment

by:Jackie Man
ID: 35697461
1. I can do this using Word 2010. <- How? (I am just curious to know how you can do that.)

2. if I can generate the keys for each user <- Are you the domain admin? If yes, log on to your own PC with your domain user credential (of course, you need to know the domain user's password (you should know it) and let the domain user know what and why you do so) and you can generate the personal key one-by-one using your method of "I can do this using Word 2010".

3. ...and then import it into their "Windows Key Store" on Windows XP and Windows 7? I have no idea of how to import the personal key for Windows XP. But, it is possible to import the personal key to Windows 7 using Credential Manager. Details are in the link below.

http://www.exploringwindows.com/7thSon/ControlPanel/CredentialManager.htm

Author Comment

by:BigBadWolf_000
ID: 35699176
jackieman: I don't want to use Word 2010, hence the post :)
I can use IE to import the key to the Windows store (yes, I have admin rights to all).
Do you know of a Windows tool or third-party tool that will let me create a PKCS12 type *.PFX file?
Thanks

Expert Comment

by:Dave Howe
ID: 35701156
You can make pfx files easily - Windows Server comes with a CA for that, or (my personal preference) you can use http://sourceforge.net/projects/xca

However, auto-enrollment using Outlook and Exchange is the easiest :)

Author Comment

by:BigBadWolf_000
ID: 35715856
Hi DaveHowe: thanks - to clarify further - I want to create personal keys for multiple users (*.pfx) then import their specific key to their local desktop or terminal server session (to use for a digital signing product). I wanted a pfx creator so I can send the key to the user with simple instructions on how to import it into the Windows personal key store....any thoughts?

How would a Windows CA work in this scenario?

Accepted Solution

by:
Dave Howe earned 1500 total points
ID: 35716166
Ok, odds are good if you are just importing into personal keystore you can have them just double-click the thing, enter a fixed password, then next-next-next.

Windows CA is better suited for an enrolment scenario (where the client or the user submits a CSR to the CA, and is given a certificate in return) - this can happen automatically in a domain environment, see http://iconraja.wordpress.com/2010/10/18/how-can-i-enable-digital-certificate-auto-enrollment-in-windows-server-2003/ for an example (there are many more) - strength there is that you don't have to get the user to do anything (it is done transparently for them) but you have to ensure you are using roving profiles or each end node will have a different key and certificate.

Personally, if I were generating a large number of pfx files, I would not use either the Windows CA *or* xca - I would instead use the http://www.ebcrypt.com/ scriptable component, and write a bit of vbs to generate, export, and email each pfx file in an automated fashion. A bit more work will let you walk Active Directory using the wmi/ldap stuff built into vbs, so you can find and work with each user's email without having to manually compile a list.
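
A sketch of the batch-generation approach discussed in this thread, added here as an example and not code from any of the posters: it uses the built-in PowerShell PKI cmdlets in place of the ebcrypt/vbs route, issues self-signed signing certificates, and gives each PFX its own random password. The user list, output folder and two-year lifetime are constructed sample values, and it assumes an admin workstation running Windows 10 / Server 2016 or later.

```powershell
# Added example: one self-signed signing certificate and PFX per user.
# Sample users and output folder below are constructed for illustration.
$users = @(
    @{ Name = 'Alice Example'; Email = 'alice@example.com' },
    @{ Name = 'Bob Example';   Email = 'bob@example.com' }
)
$outDir = Join-Path $env:TEMP 'pfx-out'
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

function New-RandomPassword([int]$Bytes = 18) {
    # Cryptographically random bytes, base64-encoded so they can be typed.
    $buf = New-Object byte[] $Bytes
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($buf) } finally { $rng.Dispose() }
    [Convert]::ToBase64String($buf)
}

$results = foreach ($u in $users) {
    # The key must be exportable here, otherwise it cannot be written to a PFX.
    $cert = New-SelfSignedCertificate -Type Custom `
        -Subject "CN=$($u.Name)" `
        -KeyUsage DigitalSignature -KeyAlgorithm RSA -KeyLength 2048 `
        -KeyExportPolicy Exportable `
        -NotAfter (Get-Date).AddYears(2) `
        -CertStoreLocation 'Cert:\CurrentUser\My'

    $plain  = New-RandomPassword
    $secure = ConvertTo-SecureString -String $plain -AsPlainText -Force
    $pfx    = Join-Path $outDir ("{0}.pfx" -f $u.Email)
    Export-PfxCertificate -Cert $cert -FilePath $pfx -Password $secure | Out-Null

    # Do not leave the user's private key behind in the admin's own store.
    Remove-Item -Path "Cert:\CurrentUser\My\$($cert.Thumbprint)" -DeleteKey

    [pscustomobject]@{
        User = $u.Email; Pfx = $pfx
        Thumbprint = $cert.Thumbprint; Password = $plain
    }
}

# Passwords stay in $results; hand them over by a different channel than the PFX.
$results | Format-Table User, Pfx, Thumbprint

# On the user's machine (run as that user), either double-click the .pfx or:
#   certutil -user -p <password> -importpfx <file>.pfx NoExport
# NoExport marks the imported private key as non-exportable.
```

The thumbprint recorded for each user can be compared with what appears under IE > Internet Options > Content > Certificates > Personal after the import.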

Author Closing Comment

by:BigBadWolf_000
ID: 35799918
Thanks for the info...could not get it to work :(