Windows does indeed maintain certificate stores per machine, per user and for each service. It decides per cert where to store these. E.g. certs for which you have a private key go into the user store, CA certs into the machine store, etc. You can override the choice of store and storage method in the Certificate import wizard but this has limitations. It will for instance not accept a personal cert without a private key.
There is a basic view of the combined stores in Internet options, content, certificates but a better tool is to use the certificates snap-in to mmc on later (2K, XP) versions of Windows. Some 3rd party Windows applications use the store as well. I personally know of the SafeNet IPSec client. Some use their own, such as the ssh.com Sentinel IPSec client.

Bart...

-----Original Message-----
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED]
Sent: 15 September 2003 03:33
To: [EMAIL PROTECTED]
Subject: RE: FAQ item USER 12. Clarification regarding pkcs12

On Sun, 14 Sep 2003, Dann Daggett wrote:

> Thank you for that great explanation Henrik. It sounds like I should be
> creating the cert request from my XP client. But I've not found any
> indication that it can create a cert request. Any idea if XP (or windows
> in general) has such a tool included?

I seem to remember that last time I looked at MSIE it had certificate request functions triggered by a web form at the CA. Netscape also has similar functions.

I would recommend looking into openca or another integrated CA solution. This includes all components you need and a lot more nice stuff for maintaining the issued certificates, and also has clear documentation on how to install your CA certificate in the client browsers and servers.

<url:http://www.openca.org/openca/>

> By "application", in a user's case, does that mean "Windows" in general,
> or is it limited to each application like "IE" and "Outlook"?

Depends. Microsoft seems to be using a central certificate store for the users' certificates, but this is not necessarily used by all (non-MS) applications and maybe there are exceptions where the certificate needs to be requested or stored differently? But in general I think all MS applications use the same certificate store.

Maybe others here know more on how certificates are maintained in the Microsoft world. Myself, I am a UNIX/Linux guy.

Regards
Henrik
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
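
The thread turns on whether a PKCS#12 file carries the private key together with the certificate, since the import wizard will not accept a personal cert without one. The following is an added example, not part of the original messages: it uses the `openssl` command line to check that a PKCS#12 file holds a private key matching its certificate before the file is handed to a client for import. The file names, the CN and the pass phrase are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: all file names, the CN and the pass phrase are constructed.

# Build two constructed PKCS#12 files in directory $1:
#   user.p12     - certificate plus its private key
#   certonly.p12 - the same certificate with no key
make_demo_bundles() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-user" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$dir/key.pem" -in "$dir/cert.pem" \
        -out "$dir/user.p12" -passout pass:example &&
    openssl pkcs12 -export -nokeys -in "$dir/cert.pem" \
        -out "$dir/certonly.p12" -passout pass:example
}

# Succeed only if PKCS#12 file $1 (pass phrase $2) holds a private key
# whose public half equals the public key in the bundled certificate.
p12_has_matching_key() {
    cert_pub=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -pubkey 2>/dev/null) || true
    key_pub=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null |
        openssl pkey -pubout 2>/dev/null) || true
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Run the check over both constructed bundles and report the result.
demo() {
    tmp=$(mktemp -d) || return 1
    make_demo_bundles "$tmp" || return 1
    for f in user.p12 certonly.p12; do
        if p12_has_matching_key "$tmp/$f" example; then
            echo "$f: certificate with matching private key"
        else
            echo "$f: no matching private key"
        fi
    done
    rm -rf "$tmp"
}

demo
```

The same function can be pointed at a real bundle by passing its path and pass phrase; the extracted key is only piped between `openssl` processes and never written to disk.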