Certificates question

Status
Not open for further replies.

SSJ

Programmer
Sep 26, 2002
54
PT
I installed CA Server on my W2K3 machine in order to create certificates to use with my web site.

I'm trying to use client authentication, and the only way I can manage to generate these certificates is by forcing the client to request them from my certsrv page, and then they will be installed on their browsers.

My question is, can a certificate for the same client be used on 2 different machines? Or even on the same machine in different browsers?
If so, how can I do it? When a client installs its certificate it will be installed on the browser and apparently it can't be installed in any other place.

What I wanted to do is to be able to generate the certificates on my side and then distribute them to the clients and then they could install them on the desired machines.

Is this possible to do?

TIA
 
I managed to do it. I wasn't creating the certificates correctly; I needed to use the allow private key export, which wasn't default as I thought.

Another question though: how can I clear the list of the revoked certificates in MS CA Server? I ended up with a few revoked certificates in that list due to tests and I'd like to remove them from there to avoid confusion.
 
You must create a new key, which means a whole new set of certificates to give out.



"In space, nobody can hear you click..."
 
If you are running 2003 Enterprise and have an Enterprise CA setup, you can configure auto-enrollment of user certs.
 
I'm not sure if I understood your answers. I used a few certificates for testing the export with private key and ended up with a few badly configured ones, so I revoked them. They appear under the revoked certificates list in CA Server as expected.

What I want now is to be able to clear that list, since these certificates have no meaning at all. Is this possible?
 
That's the way it works by design. When you revoke, you don't want to delete them. You want your revoked certificate to always be there just in case someone uses your certificate that you revoke...

The only way NOT to have the revoked certificates is to have a new key, which means a new set of certificates, which means your old one is no longer valid, so the system no longer needs the revoked ones since you've removed the certificate key...

I don't know if this makes sense, but lemme just sum it up:

- No, you can't erase Revoked Certificates because it would defeat the purpose of Certification.



"In space, nobody can hear you click..."
 
Hmmm ok, yes it makes sense, but I was hoping there would be a way of deleting them for good.

Thanks for the help
 