[prev in list] [next in list] [prev in thread] [next in thread]
List: ms-cryptoapi
Subject: Re: invisible cert
From: Laszlo Elteto <lelteto () RAINBOW ! COM>
Date: 2002-04-24 17:30:44
[Download RAW message or body]
I think it should. I assume the machine cert (and key) store is always
available for READ to anybody on the computer. And the user's Registry area
definitely available to the user (to write). Give it a try...
Laszlo Elteto
Fellow Scientist
Rainbow Technologies, Inc.
-----Original Message-----
From: Soumik Sarkar [mailto:Soumik_Sarkar@PHOENIX.COM]
Sent: Wednesday, April 24, 2002 10:26 AM
To: CryptoAPI@DISCUSS.MICROSOFT.COM
Subject: Re: invisible cert
Good idea. But I am not sure if this program will work for users with
non-administrative privileges.
-----Original Message-----
From: Laszlo Elteto [mailto:lelteto@RAINBOW.COM]
Sent: Wednesday, April 24, 2002 10:24 AM
To: CryptoAPI@DISCUSS.MICROSOFT.COM
Subject: Re: invisible cert
You can write a small utility which checks if this cert is copied to the
user - and if not, copies it. Put this into the all-users startup folder and
any new user will automatically get the cert when logs in.
Do you really want to authenticate the COMPUTER to the server? Because
that's what you are doing (instead of authenticating the users).
Laszlo Elteto
Fellow Scientist
Rainbow Technologies, Inc.
-----Original Message-----
From: Soumik Sarkar [mailto:Soumik_Sarkar@PHOENIX.COM]
Sent: Wednesday, April 24, 2002 10:16 AM
To: CryptoAPI@DISCUSS.MICROSOFT.COM
Subject: Re: invisible cert
Thanks for the response Laszlo.
Copying the cert to all the existing users will solve the problem for the
time being. But what happens when new users are created?
Soumik.
-----Original Message-----
From: Laszlo Elteto [mailto:lelteto@RAINBOW.COM]
Sent: Wednesday, April 24, 2002 10:14 AM
To: CryptoAPI@DISCUSS.MICROSOFT.COM
Subject: Re: invisible cert
Yes, it is how it suposed to work. Why a MACHINE cert would show up for USER
authentication? On thing you might do is to add the certificate to BOTH
stores (or write a migration / copy utility).
Laszlo Elteto
Fellow Scientist
Rainbow Technologies, Inc.
-----Original Message-----
From: Soumik Sarkar [mailto:Soumik_Sarkar@PHOENIX.COM]
Sent: Wednesday, April 24, 2002 10:08 AM
To: CryptoAPI@DISCUSS.MICROSOFT.COM
Subject: invisible cert
Hi All,
We have an application where we download a cert (using the browser)
in the CERT_SYSTEM_STORE_LOCAL_MACHINE of the client using the MyStoreFlags
property of xenroll.
But this does not show up in the list of certs in the dialog box which is
displayed when an ssl server requests a client cert. Is there any way I can
make this happen?
Everything works fine if I store the cert in the
CERT_SYSTEM_STORE_CURRENT_USER though.
TIA,
Soumik.
----------------------------------------------------------------
Users Guide http://discuss.microsoft.com/archives/mailfaq.asp
contains important info. Save time, search the archives at
http://discuss.microsoft.com/archives/index.html .
To unsubscribe, mailto:CryptoAPI-signoff-request@DISCUSS.MICROSOFT.COM
----------------------------------------------------------------
Users Guide http://discuss.microsoft.com/archives/mailfaq.asp
contains important info. Save time, search the archives at
http://discuss.microsoft.com/archives/index.html .
To unsubscribe, mailto:CryptoAPI-signoff-request@DISCUSS.MICROSOFT.COM
----------------------------------------------------------------
Users Guide http://discuss.microsoft.com/archives/mailfaq.asp
contains important info. Save time, search the archives at
http://discuss.microsoft.com/archives/index.html .
To unsubscribe, mailto:CryptoAPI-signoff-request@DISCUSS.MICROSOFT.COM
----------------------------------------------------------------
Users Guide http://discuss.microsoft.com/archives/mailfaq.asp
contains important info. Save time, search the archives at
http://discuss.microsoft.com/archives/index.html .
To unsubscribe, mailto:CryptoAPI-signoff-request@DISCUSS.MICROSOFT.COM
----------------------------------------------------------------
Users Guide http://discuss.microsoft.com/archives/mailfaq.asp
contains important info. Save time, search the archives at
http://discuss.microsoft.com/archives/index.html .
To unsubscribe, mailto:CryptoAPI-signoff-request@DISCUSS.MICROSOFT.COM
----------------------------------------------------------------
Users Guide http://discuss.microsoft.com/archives/mailfaq.asp
contains important info. Save time, search the archives at
http://discuss.microsoft.com/archives/index.html .
To unsubscribe, mailto:CryptoAPI-signoff-request@DISCUSS.MICROSOFT.COM
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic