Encryption Error 1

Status
Not open for further replies.

Robyne

Technical User
Mar 2, 2002
70
US
I'm trying to encrypt a folder and am receiving this error - "Recovery policy configured for this system contains invalid recovery certificate". The laptop isn't on the network, not in a domain, logged in as the Local Administrator. Ideas? Thanks!
 
Sounds like you need to renew the certificate. Here is some information on that for you:

Renewing certificates

Every certificate has a validity period. After the end of the validity period, the certificate is no longer considered an acceptable or usable credential. The Certificates snap-in enables you to renew a certificate issued from a Windows 2000 enterprise certification authority before or after the end of its validity period by using the Certificate Renewal Wizard.

You can either renew the certificate with the same key set you used before, or you can renew a certificate with a new key set. For information about the issues of reusing a key set as opposed to generating a new key set for certificate renewal, see Resources: Public key infrastructure.

Before you renew a certificate, you will need to know:

• The issuing certification authority

• (Optional) If you want a new public key and private key pair for the certificate, the cryptographic service provider (CSP) that should be used to generate the key pair.


For more information, see "To renew a certificate with a new key" and "To renew a certificate with the same key".

In addition, you can renew certificates issued from both Windows 2000 enterprise certification authorities and Windows 2000 stand-alone certification authorities with the Certificate Services Web pages by pasting in the contents of a PKCS #7 file. For more information, see "To request a certificate using a PKCS #10 or PKCS #7 file".

Let me know if that helps

Enkrypted
A+
 
I'm confused now. How did a certificate get there? This laptop's never been part of the Domain. And I don't think I'm understanding encryption. We've been written up twice by auditors for not having encryption "turned on" on the laptops. But it's not like the firewall in SP2, is it, where it's on or off? From what I've read, it's something you apply to specific folders. But if it's just so others can't read your files, isn't that handled by using local user accounts?
 
Certificates are automatically generated when you install Windows XP for various features of the Operating System.

robyne said:
But if it's just so others can't read your files, isn't that handled by using local user accounts?

To a certain degree, if your machine is set up on an NTFS drive, then file permissions can help with stopping other people reading your files. However, this is only viable if someone cannot get physical access to the machine and boot from a Linux disc to bypass the NTFS permissions.

Encryption, however, will stop people reading your files no matter what machine they are stored on or what type of boot disc they use to access the machine. As far as I am aware, the MS EFS (Encrypting File System) has not been cracked yet.

One thing to note is that you must back up your encryption certificates and keep them in a safe place. If you ever needed to recreate the users, perhaps due to a reinstall of XP, then you would not be able to get access to your files without the old certificate.

Take a look at for a good guide on how to use EFS

Greg Palmer
Freeware Utilities for Windows Administrators.
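
The validity-period and backup points raised in the replies above can be checked on the machine itself. The following PowerShell is an added example, not part of any post in this thread; it assumes the EFS or recovery agent certificate sits in the current user's personal store, and the function name `Get-EfsCertificateStatus` is hypothetical.

```powershell
# Added example (not from the thread): report EFS-related certificates and
# whether each one is inside its validity period.
# Assumption: the certificate in question is in the current user's personal store.
function Get-EfsCertificateStatus {
    param(
        [string]$StorePath = 'Cert:\CurrentUser\My',
        [datetime]$Now = (Get-Date)
    )
    $efsOid      = '1.3.6.1.4.1.311.10.3.4'     # Encrypting File System usage
    $recoveryOid = '1.3.6.1.4.1.311.10.3.4.1'   # File Recovery usage (recovery agent)
    $ekuType     = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # Gather the enhanced key usage OIDs this certificate carries.
        $oids = @()
        foreach ($ext in $cert.Extensions) {
            if ($ext -is $ekuType) {
                foreach ($oid in $ext.EnhancedKeyUsages) { $oids += $oid.Value }
            }
        }

        if ($oids -contains $recoveryOid) { $role = 'FileRecovery' }
        elseif ($oids -contains $efsOid)  { $role = 'EFS' }
        else { continue }   # not an EFS-related certificate

        # Compare the current time against the certificate's validity window.
        if ($Now -lt $cert.NotBefore)    { $status = 'NotYetValid' }
        elseif ($Now -gt $cert.NotAfter) { $status = 'Expired' }
        else                             { $status = 'Valid' }

        New-Object PSObject -Property @{
            Role          = $role
            Status        = $status
            Subject       = $cert.Subject
            NotAfter      = $cert.NotAfter
            HasPrivateKey = $cert.HasPrivateKey
            Thumbprint    = $cert.Thumbprint
        }
    }
}

Get-EfsCertificateStatus |
    Sort-Object NotAfter |
    Format-Table Role, Status, NotAfter, HasPrivateKey, Subject -AutoSize
```

A `FileRecovery` row with status `Expired` is the kind of certificate the first reply suggests renewing. Rows with `HasPrivateKey` set to `True` are the ones whose keys need a backup, which `cipher /x` writes to a password-protected file.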
 