Re: keys generated by xenroll.dll...

Fri, 08 Dec 2000 07:15:18 -0800 

You can write your own program to delete them using the Microsoft CryptoAPI
CertXYZ functions, or you can use a tool from Microsoft called "certmgr".
certmgr is part of the CryptoAPI tools distribution. It comes on one of the
SDK's, I think the Platform SDK. I also believe you can download it for free
off the Microsoft at

http://msdn.microsoft.com/downloads/tools/authenticode/codesign.exe

Certificates and certificate requests are kept in storage structures that
Microsoft calls "certificate stores". There are different stores for root
certificates, certificates for which you also have the private key, and
yet-to-certified certificate requests. These latter are kept in the REQUEST
store. You can examine this store by running certmgr -s request. You can
delete certificates from this store by doing certmgr -s request -del -c.

The REQUEST store and others appear to be kept in the registry, at least on
my Win98 machine. Check out the "HKLM/Software/Microsoft/System Certificate"
and "HKCU/Software/Microsoft/System Certificate" keys. I would not recommend
trying to directly delete the registry keys, however.

Greg Stark, [EMAIL PROTECTED]
Chief Security Architect
Ethentica, Inc.
www.ethentica.com


----- Original Message -----
From: "SCH" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, December 08, 2000 5:53 AM
Subject: keys generated by xenroll.dll...


> I am generating keys and certificate-request again and again,
> some requests are lost(I am debugging my program, so they are deleted
> from database).
>
> My question is, how can I clear the keys? I think they are still on my
hard-disk,
> waiting for their certificate that will never appear.but I don't know how
I can
> clear them, Have anyone here delt with this issue?
>
> Another question is, I can't import the keys and certifcates(they are
packed into one p12 file)
> that were generated by outside program(based on openssl)into my IE as
"mypersonalcertificate",
> what is the reason? Must I generate keys from IE if I want to use them for
client-authentication?
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to