How do I create a Personal Key and save it to a users Windows Key Store

Posted on 2011-05-04
Last Modified: 2012-05-11
Hi All,

I need to figure out how to create a Personal Key certificate and save it to a users Windows Key Store?
I can do this using Word 2010, but I want to know if I can generate the keys for each user and then import it into their "Windows Key Store" on Windows XP and Windows 7

Once the key is imported yuo woulld be able to see it under IE > internet options >Content > Certificates > personal (tab)
Question by:BigBadWolf_000
    LVL 40

    Expert Comment

    by:Jackie Man
    1. I can do this using Word 2010. <- How? (I am just curious to know how you can do that.)

    2. if I can generate the keys for each user<- Are you the domain admin? If yes, logon your own PC with your domain user credential (of course, you need to know the domain user's pasword (you should know it) and let the domain user know what and why you do so) and you can generate the perosnal key one-by-one using your method of "I can do this using Word 2010".

    3. ...and then import it into their "Windows Key Store" on Windows XP and Windows 7? I have no idea of how to import the perosnal key for Windows XP. But, it is possible to import the personal key to windows 7 using credential manager. Details are in the link below.
    LVL 14

    Author Comment

    jackieman: I don't want to use Word 2010, hence the post :)
    I can use IE to import the key to the windows store (yes I have admin rights to all)
    Do you you of a windows tool or third party tool that will let me create a PCKCS12 type *.PFX file
    LVL 33

    Expert Comment

    by:Dave Howe
    you can make pfx files easily - windows server comes with a CA for that, or (my personal preference) you can use

    however, auto-enrollment using outlook and exchange is the easiest :)
    LVL 14

    Author Comment

    Hi DaveHowe:thanks - to clarify further - I want to create personal keys for multiple users (*.pfx) then import their specific key to their local desktop or terminal server session (to use for a digital signing product). I wanted pfx creator so I can send the key to the user with simple instructions on how to import it into the Windows personal key store....any thoughts

    How would a Windows CA work in this senerio?
    LVL 33

    Accepted Solution

    Ok, odds are good if you are just importing into personal keystore you can have them just double-click the thing, enter a fixed password, then next-next-next.

    Windows CA is better suited for an enrolment scenario (where the client or the user submits a CSR to the CA, and is given a certificate in return) - this can happen automatically in a domain environment, see for an example (there are many more) - strength there is that you don't have to get the user to do anything (it is done transparently for them) but you have to ensure you are using roving profiles or each end node will have a different key and certificate.

    personally, if I were generating a large number of pfx files, I would not use either the windows CA *or* xca - I would instead use the scriptable component, and write a bit of vbs to generate, export, and email each pfx file in an automated fashion. a bit more work will let you walk active directory using the wmi/ldap stuff built into vbs, so you can find and work with each user's email without having to manually compile a list.
    LVL 14

    Author Closing Comment

    Thanks for the info...could not get it to work :(

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
    SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
    This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.
    This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.

    758 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    13 Experts available now in Live!

    Get 1:1 Help Now