Not allowing users to mark certificates as exportable

S

schapman

We are using EAP-TLS for our wireless network. And were wondering,
when a user makes a request for a certificate to authenticate they
have the option to mark their private keys as exportable (We're using
the mSOFT certification authority). This means they can move that
certificate to another machine if they want. We want to stop this from
being able to happen. When they make the request, I am the one that
has to issue the certificate, but from what I can see in the
Certificate snap-in there is no way to see if they had that option
checked. Does anyone know if it's possible and/or how to disable that
ability? or do we have to switch to a different certification
authority that supports it?
 
M

Miha Pihler

Hi,

I am not familiar with mSOFT CA, but you can do this in Microsoft CA server.
You can configure attributes of the certificate by configuring certificate
templates (certificate validity, key size, CSP, are the keys exportable,
purpose of the certificate (client authentication, digital signatures, ...).
User's certificates are then issued based on configuration set in templates.

One thing you should check is mSOFT's manual if they support this options...

Mike
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

User vs. Basic EFS certificate 3
EAP-TLS with a standalone CA 2
on windows ca: mark privat key for User-Policy as exportable 2
certificates issued to desktops??? 1
Enterprise CA access 5
Question regarding issuing certificates to users 3
Requesting Certificate from Subordinate CA 1
Why enterprise root CA automatically isue certificates. 5

Top