Windows does indeed maintain certificate stores per machine, per user
and for each service. It decides per cert where to store these. E.g.
certs for which you have a private key go into the user store, CA certs
into the machine store, etc. You can override the choice of store and
storage method in the Certificate import wizard but this has
limitations. It will for instance not accept a personal cert without a
private key.

There is a basic view of the combined stores in Internet options,
content, certificates but a better tool is to use the certificates
snap-in to mmc on later (2K,XP) versions of Windows.

Some 3rd party Windows applications use the store as well. I personally
know of the SafeNet IPSec client. Some use their own, such as the
ssh.com Sentinel IPSec client.

Bart...

-----Original Message-----
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] 
Sent: 15 September 2003 03:33
To: [EMAIL PROTECTED]
Subject: RE: FAQ item USER 12. Clarification regarding pkcs12

On Sun, 14 Sep 2003, Dann Daggett wrote:

> Thank you for that great explanation Henrik. It sounds like I should be
> creating the cert request from my XP client. But I've not found any
> indication that it can create a cert request. Any idea if XP (or windows
> in general) has such a tool included?

I seem to remember that last time I looked at MSIE it had certificate
request functions triggered by a web form at the CA. Netscape also has
similar functions.

I would recommend looking into openca or another integrated CA solution.

This includes all components you need and a lot more nice stuff for
maintaining the issued certificates, and also has clear documentation on
how to install your CA certificate in the client browsers and servers.
<url:http://www.openca.org/openca/>

> By "application", in a user's case, does that mean "Windows" in general,
> or is it limited to each application like "IE" and "Outlook"?

Depends. Microsoft seems to be using a central certificate store for the
user's certificates, but this is not necessarily used by all (non-MS)
applications and maybe there are exceptions where the certificate needs to
be requested or stored differently? But in general I think all MS
applications use the same certificate store. Maybe others here know more
on how certificates are maintained in the Microsoft world. I myself am a
UNIX/Linux guy.

Regards
Henrik

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
______________________________________________________________________