Manual Loading of a Certificate

Archived from groups: microsoft.public.win2000.security (More info?)

I need to get a certificate on a remote computer. The cert will be used for
IPSec. How do I create a certificate using an enterprise CA, place it on a
floppy and then load it manually from the floppy to the remote computer?


--
7TA9241
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    You could request it via Web Enrollment. You would first need to allow the
    computer to issue certificates based on the IPSec offline template, which you
    can do in the CA Management Console/policy settings - new certificate to
    issue. Then the user would need to log on as local administrator, use Web
    Enrollment to do an advanced request for an IPSec offline certificate
    entering the fully qualified domain name of the computer as the name [i.e.
    computer1.mydomain.com] and checking for use local machine store. If you
    have a concern with allowing internet access for the CA, then you might do it
    just temporarily and configure your firewall or website properties to accept
    connections from only the public IP address that the computer would request
    the certificate from.

    Otherwise you could do the same yourself using Web Enrollment via the LAN
    and request the certificate for the computer. You would also have to enter
    the name for the computer AND select to mark the private keys as exportable.
    Then the certificate/private key will install on the computer you requested
    the certificate from. After that, use the MMC Certificates snap-in for
    computer, find the certificate in the personal folder, select all tasks and
    then export, select the option to export the private key and on the next
    page select include all certificates in certification path if possible but do
    NOT select enable strong key protection. You will then have to choose a path
    and name for the .pfx file and a password to protect it. You can then
    send/email that file to the user and have them open it on their computer,
    which will prompt them for the password to protect the private key. It
    should install the certificate/private key for them. I have noticed that it
    may install to the wrong certificate store - user rather than computer.
    Instruct the user to use the MMC Certificates snap-in for computer to see if
    the certificate is there. If it is not, have them select the
    personal/certificates folder, all tasks/import and browse to the .pfx file
    and install it that way. The link below explains Web Enrollment in more
    detail. Note that you may get warning messages from IE as you request and
    install certificates via web pages; just select yes to the messages.

    --- Steve


    http://www.microsoft.com/windows2000/techinfo/planning/security/cawebsteps.asp


    "mwebb" <mwebb@discussions.microsoft.com> wrote in message
    news:8F34CA06-AACD-4E27-B80E-EF3C01244B77@microsoft.com...
    > I need to get a certificate on a remote computer. The cert will be used for
    > IPSec. How do I create a certificate using an enterprise CA, place it on a
    > floppy and then load it manually from the floppy to the remote computer?
    >
    >
    > --
    > 7TA9241
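
Added example (not part of the original reply): a PowerShell check for the store mix-up the answer mentions, importing the .pfx into the computer's Personal store and confirming it did not land in the user store. It assumes Windows 8/Server 2012 or later (where `Import-PfxCertificate` is available) and an elevated prompt; the file path and computer name are hypothetical.

```powershell
# Added example. Run elevated on the remote computer.
$PfxPath      = 'A:\computer1.pfx'          # hypothetical path on the floppy
$ExpectedName = 'computer1.mydomain.com'    # FQDN entered in the certificate request

# Prompt for the password that was set when the .pfx was exported
$password = Read-Host -Prompt 'PFX password' -AsSecureString

# Import into the computer (Local Machine) Personal store.
# Without -Exportable the private key is marked non-exportable on this machine.
$cert = Import-PfxCertificate -FilePath $PfxPath `
                              -CertStoreLocation Cert:\LocalMachine\My `
                              -Password $password

# 1. The certificate must be present in the computer store, which IPSec uses
$machineCopy = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
if (-not $machineCopy) {
    throw "Certificate $($cert.Thumbprint) is not in LocalMachine\My"
}

# 2. The private key must have come across with it
if (-not $machineCopy.HasPrivateKey) {
    throw 'Certificate was imported without its private key'
}

# 3. The subject should carry the computer name used in the request
if ($machineCopy.Subject -notmatch [regex]::Escape($ExpectedName)) {
    Write-Warning "Subject '$($machineCopy.Subject)' does not contain $ExpectedName"
}

# 4. The validity period should cover today
$now = Get-Date
if ($now -lt $machineCopy.NotBefore -or $now -gt $machineCopy.NotAfter) {
    Write-Warning "Certificate is outside its validity period (expires $($machineCopy.NotAfter))"
}

# 5. Flag a copy left in the user store by an earlier double-click install
$userCopy = Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
if ($userCopy) {
    Write-Warning 'A copy also exists in CurrentUser\My; remove it after confirming the computer-store copy works'
}

$machineCopy | Format-List Subject, Issuer, Thumbprint, NotAfter, HasPrivateKey
```

The .pfx contains the private key, so erase the copy on the floppy once the import has been verified.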