Re: can we prevent export of a personal certificate?

Greg Stark Tue, 28 Aug 2001 14:17:46 -0700
What you are referring to is in fact the private key information and not
just the public certificate. I don't know of any way to stop a mozilla user
from doing the backup, I'm just not that familiar with mozilla. For IE and
if you are using one of the MS providers, the default is to disallow export
of the private key. Check your script which creates the certficate request
and private key; it should have something that looks like
objectname.createPKCS10. Make sure nothing sets the low-order bit of
objectname.GenKeyFlags; it should be zero.

====================
Greg Stark
[EMAIL PROTECTED]
====================


----- Original Message -----
From: "werner fraga" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, August 28, 2001 4:58 PM
Subject: Re: can we prevent export of a personal certificate?


> steve wrote:
> > Do you mean 'private keys'? Certificates are public
> knowledge and can't be restricted in that way. What OS
> is this for, if windows then you can for MSIE but it
> depends on how you import the certificates in the
> first place.
>
> ----------------
>
> i think i mean 'certificates', as in mozilla's Edit
> --> Preferences --> Privacy... -> Certificates -->
> Manage Certs --> Backup
>
> this allows the user to back up a certificate to a
> file and then restore it on another computer.
>
> i was hoping that this could be disabled somehow...
>
> our employees use IE & netscape for windows, and
> mozilla for linux. the majority is using IE for
> windows, so it would be acceptable if we could just
> disable exports for IE...
> near as i can tell, we are using 'AcceptPKCS7' to
> import the certificate into IE...
>
> __________________________________________________
> Do You Yahoo!?
> Make international calls for as low as $.04/minute with Yahoo! Messenger
> http://phonecard.yahoo.com/
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
Re: can we prevent export of a personal certificate?

Reply via email to
