How do I create a Personal Key and save it to a user's Windows Key Store

Hi All,

I need to figure out how to create a Personal Key certificate and save it to a user's Windows Key Store.
I can do this using Word 2010, but I want to know if I can generate the keys for each user and then import it into their "Windows Key Store" on Windows XP and Windows 7.

Once the key is imported you would be able to see it under IE > Internet Options > Content > Certificates > Personal (tab)
Thanks
BigBadWolf_000 Asked:
 
Dave Howe (Software and Hardware Engineer) Commented:
Ok, odds are good if you are just importing into personal keystore you can have them just double-click the thing, enter a fixed password, then next-next-next.

Windows CA is better suited for an enrolment scenario (where the client or the user submits a CSR to the CA, and is given a certificate in return) - this can happen automatically in a domain environment, see http://iconraja.wordpress.com/2010/10/18/how-can-i-enable-digital-certificate-auto-enrollment-in-windows-server-2003/ for an example (there are many more) - strength there is that you don't have to get the user to do anything (it is done transparently for them) but you have to ensure you are using roving profiles or each end node will have a different key and certificate.

Personally, if I were generating a large number of pfx files, I would not use either the Windows CA *or* xca - I would instead use the http://www.ebcrypt.com/ scriptable component, and write a bit of vbs to generate, export, and email each pfx file in an automated fashion. A bit more work will let you walk Active Directory using the wmi/ldap stuff built into vbs, so you can find and work with each user's email without having to manually compile a list.
0
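
The scripted generate-and-export approach from the answer above, sketched in PowerShell as an added example. It is not code from the thread and uses the built-in PKI cmdlets rather than the ebcrypt component. Assumptions: an admin workstation running Windows 10 / Server 2016 or later, self-signed certificates, and constructed user names and output folder. Each PFX gets its own random password.

```powershell
# Added example: assumes the PKI module (Windows 10 / Server 2016 or later).
# User names and the output folder are constructed sample values.
$users  = 'alice@example.test', 'bob@example.test'
$outDir = Join-Path $env:TEMP 'pfx-out'
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

function New-RandomPassword {
    # 24 random bytes from the OS CSPRNG, base64-encoded (32 characters)
    $bytes = New-Object byte[] 24
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    [Convert]::ToBase64String($bytes)
}

$issued = foreach ($user in $users) {
    # Self-signed signing certificate with an exportable 2048-bit RSA key,
    # created in the admin's own store only long enough to export it.
    $cert = New-SelfSignedCertificate -Type Custom -Subject "CN=$user" `
        -KeyAlgorithm RSA -KeyLength 2048 -KeyUsage DigitalSignature `
        -KeyExportPolicy Exportable -NotAfter (Get-Date).AddYears(1) `
        -CertStoreLocation Cert:\CurrentUser\My

    $plain  = New-RandomPassword
    $secure = ConvertTo-SecureString $plain -AsPlainText -Force
    $file   = Join-Path $outDir ("{0}.pfx" -f ($user -replace '[^\w.-]', '_'))
    Export-PfxCertificate -Cert $cert -FilePath $file -Password $secure | Out-Null

    # Do not leave every user's private key in the admin profile.
    Remove-Item -Path "Cert:\CurrentUser\My\$($cert.Thumbprint)" -DeleteKey

    [pscustomobject]@{ User = $user; Pfx = $file
                       Thumbprint = $cert.Thumbprint; Password = $plain }
}
# Show what was issued; passwords go to users over a separate channel.
$issued | Format-Table User, Pfx, Thumbprint

# On the user's side (run as that user): the key lands in the Personal store
# and, without -Exportable, cannot be exported again.
# Import-PfxCertificate -FilePath .\alice_example.test.pfx `
#     -CertStoreLocation Cert:\CurrentUser\My `
#     -Password (Read-Host -AsSecureString 'PFX password')
```

On systems without these cmdlets, the user imports the PFX by double-clicking it, as the answer describes.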
 
Jackie Man Commented:
1. I can do this using Word 2010. <- How? (I am just curious to know how you can do that.)

2. if I can generate the keys for each user<- Are you the domain admin? If yes, log on to your own PC with your domain user credential (of course, you need to know the domain user's password (you should know it) and let the domain user know what and why you do so) and you can generate the personal key one-by-one using your method of "I can do this using Word 2010".

3. ...and then import it into their "Windows Key Store" on Windows XP and Windows 7? I have no idea of how to import the personal key for Windows XP. But, it is possible to import the personal key to Windows 7 using Credential Manager. Details are in the link below.

http://www.exploringwindows.com/7thSon/ControlPanel/CredentialManager.htm
0
 
BigBadWolf_000 (Author) Commented:
jackieman: I don't want to use Word 2010, hence the post :)
I can use IE to import the key to the windows store (yes I have admin rights to all)
Do you know of a Windows tool or third party tool that will let me create a PKCS12 type *.PFX file?
Thanks
0

 
Dave Howe (Software and Hardware Engineer) Commented:
You can make pfx files easily - Windows Server comes with a CA for that, or (my personal preference) you can use http://sourceforge.net/projects/xca

However, auto-enrollment using Outlook and Exchange is the easiest :)
0
 
BigBadWolf_000 (Author) Commented:
Hi DaveHowe: thanks - to clarify further - I want to create personal keys for multiple users (*.pfx) then import their specific key to their local desktop or terminal server session (to use for a digital signing product). I wanted a pfx creator so I can send the key to the user with simple instructions on how to import it into the Windows personal key store... any thoughts?

How would a Windows CA work in this scenario?
0
 
BigBadWolf_000 (Author) Commented:
Thanks for the info...could not get it to work :(
0
Question has a verified solution.