Windows Vista Forums
Vista Forums Home Join Vista Forums Tech Publications Windows 7 Forum Vista Tutorials Webcasts Tags

Welcome to Vista Forums we are your forum for Windows Vista help and discussion. Whether you need help or just want to post an idea you have on Vista, this is the forum for you.
Register at Vista forums...the world biggest Windows Vista resource Join Vista Forums Now

Go Back   Vista Forums > Vista Newsgroups > Vista security

Adding a certificate using MMC on a Vista Machine.

Update your Vista Drivers
Reply
 
Thread Tools Display Modes
Old 02-20-2007   #1 (permalink)
Scott
Guest


 

Adding a certificate using MMC on a Vista Machine.

If I am using MMC to get a certificate does the PC need to be part of the
domain first? Does anybody have the steps to do this? With a domain or
without a domain.


My System SpecsSystem Spec
Old 02-20-2007   #2 (permalink)
Haitao Li
Guest


 

Re: Adding a certificate using MMC on a Vista Machine.

Yes, the PC needs to be in a domain, and the user needs to be in the same
domain.
Run "certmgr.msc", right click "Personal", click "All Tasks"=>"Request new
certificate"

"Scott" <Scott@discussions.microsoft.com> wrote in message
news:A5143585-DFDE-4242-A2BE-202A576664FE@microsoft.com...
> If I am using MMC to get a certificate does the PC need to be part of the
> domain first? Does anybody have the steps to do this? With a domain or
> without a domain.
>

My System SpecsSystem Spec
Old 02-20-2007   #3 (permalink)
Scott
Guest


 

Re: Adding a certificate using MMC on a Vista Machine.



"Haitao Li" wrote:

> Yes, the PC needs to be in a domain, and the user needs to be in the same
> domain.
> Run "certmgr.msc", right click "Personal", click "All Tasks"=>"Request new
> certificate"
>
> "Scott" <Scott@discussions.microsoft.com> wrote in message
> news:A5143585-DFDE-4242-A2BE-202A576664FE@microsoft.com...
> > If I am using MMC to get a certificate does the PC need to be part of the
> > domain first? Does anybody have the steps to do this? With a domain or
> > without a domain.
> >

My System SpecsSystem Spec
Old 02-20-2007   #4 (permalink)
Scott
Guest


 

Re: Adding a certificate using MMC on a Vista Machine.

Haitao,
How about if I am unable to put the PC on the domain. Is there another
option?
I would use certsrv but it fails activeX with windows 2003 Server.

"Haitao Li" wrote:

> Yes, the PC needs to be in a domain, and the user needs to be in the same
> domain.
> Run "certmgr.msc", right click "Personal", click "All Tasks"=>"Request new
> certificate"
>
> "Scott" <Scott@discussions.microsoft.com> wrote in message
> news:A5143585-DFDE-4242-A2BE-202A576664FE@microsoft.com...
> > If I am using MMC to get a certificate does the PC need to be part of the
> > domain first? Does anybody have the steps to do this? With a domain or
> > without a domain.
> >

My System SpecsSystem Spec
Old 02-20-2007   #5 (permalink)
Brian Komar [MVP]
Guest


 

Re: Adding a certificate using MMC on a Vista Machine.

OK, here is a way to do it (but it is not an easy
solution).

1) You need to use certmgr.msc on the Vista Client
2) You need to generate Custom Request in the console
(see Create a Custom Certificate Request in the Help
file).
3) Best to add Custom subject information (be sure to
include an Alternate Name that includes the User
Principal Name
4) Save the file to a PKCS#10 request

Create a custom v2 certificate template that allows the
Subject to be created in the Request. Base it on the
template you want to use (for the love of G*D, do not
use User <G>) Ensure that the template is available at
the CA you are using. Assume it is named VistaUser

You now use the Certsrv Web page to submit the request
1) Connect to https://CAName/certsrv
2) Provide credentials from the domain
3) Choose Request a Certificate
4) CHoose Advanced Certificate Request
5) Choose Submit a certificate request by using a base-
64-encoded CMC or PKCS #10 file, or submit a renewal
request by using a base-64-encoded PKCS #7 file.
6) Paste the contents of the file created in the first
procedure into the Saved Request box
7) Choose the VistaUser template in the Certificate
Template sectino
8) Click Submit
9) Save the issued certificate to a PKCS#7 file (all
certs in the chain)

Go back to the Vista box
1) Import the PKCS#7 file
2) Put all certs in the Personal store (for now)
3) Once the import is complete, move the CA certificates
into the appropriate stores (root in the root, all other
CAs in the intermediate store
4) Use the certificate

Brian
P.S. Please do not ask for more detailed steps <G>

In article <D85CB163-D832-4D40-B009-B5A28A685BF0
@microsoft.com>, Scott@discussions.microsoft.com says...
> Haitao,
> How about if I am unable to put the PC on the domain. Is there another
> option?
> I would use certsrv but it fails activeX with windows 2003 Server.
>
> "Haitao Li" wrote:
>
> > Yes, the PC needs to be in a domain, and the user needs to be in the same
> > domain.
> > Run "certmgr.msc", right click "Personal", click "All Tasks"=>"Request new
> > certificate"
> >
> > "Scott" <Scott@discussions.microsoft.com> wrote in message
> > news:A5143585-DFDE-4242-A2BE-202A576664FE@microsoft.com...
> > > If I am using MMC to get a certificate does the PC need to be part of the
> > > domain first? Does anybody have the steps to do this? With a domain or
> > > without a domain.
> > >

>

My System SpecsSystem Spec
Old 02-21-2007   #6 (permalink)
Scott
Guest


 

Re: Adding a certificate using MMC on a Vista Machine.

Is this the article you are referring to Create a Custom Certificate Request.
Article # 555281 How to create offline L2TP/ IPSec Certificates. This is
all I can find that is remotely close.

"Brian Komar [MVP]" wrote:

> OK, here is a way to do it (but it is not an easy
> solution).
>
> 1) You need to use certmgr.msc on the Vista Client
> 2) You need to generate Custom Request in the console
> (see Create a Custom Certificate Request in the Help
> file).
> 3) Best to add Custom subject information (be sure to
> include an Alternate Name that includes the User
> Principal Name
> 4) Save the file to a PKCS#10 request
>
> Create a custom v2 certificate template that allows the
> Subject to be created in the Request. Base it on the
> template you want to use (for the love of G*D, do not
> use User <G>) Ensure that the template is available at
> the CA you are using. Assume it is named VistaUser
>
> You now use the Certsrv Web page to submit the request
> 1) Connect to https://CAName/certsrv
> 2) Provide credentials from the domain
> 3) Choose Request a Certificate
> 4) CHoose Advanced Certificate Request
> 5) Choose Submit a certificate request by using a base-
> 64-encoded CMC or PKCS #10 file, or submit a renewal
> request by using a base-64-encoded PKCS #7 file.
> 6) Paste the contents of the file created in the first
> procedure into the Saved Request box
> 7) Choose the VistaUser template in the Certificate
> Template sectino
> 8) Click Submit
> 9) Save the issued certificate to a PKCS#7 file (all
> certs in the chain)
>
> Go back to the Vista box
> 1) Import the PKCS#7 file
> 2) Put all certs in the Personal store (for now)
> 3) Once the import is complete, move the CA certificates
> into the appropriate stores (root in the root, all other
> CAs in the intermediate store
> 4) Use the certificate
>
> Brian
> P.S. Please do not ask for more detailed steps <G>
>
> In article <D85CB163-D832-4D40-B009-B5A28A685BF0
> @microsoft.com>, Scott@discussions.microsoft.com says...
> > Haitao,
> > How about if I am unable to put the PC on the domain. Is there another
> > option?
> > I would use certsrv but it fails activeX with windows 2003 Server.
> >
> > "Haitao Li" wrote:
> >
> > > Yes, the PC needs to be in a domain, and the user needs to be in the same
> > > domain.
> > > Run "certmgr.msc", right click "Personal", click "All Tasks"=>"Request new
> > > certificate"
> > >
> > > "Scott" <Scott@discussions.microsoft.com> wrote in message
> > > news:A5143585-DFDE-4242-A2BE-202A576664FE@microsoft.com...
> > > > If I am using MMC to get a certificate does the PC need to be part of the
> > > > domain first? Does anybody have the steps to do this? With a domain or
> > > > without a domain.
> > > >

> >

>

My System SpecsSystem Spec
Old 02-21-2007   #7 (permalink)
Paul Adare
Guest


 

Re: Adding a certificate using MMC on a Vista Machine.

In article <1F1B55EE-4FC2-43E7-8B62-B9C20B35E5CC@microsoft.com>,
in the microsoft.public.windows.vista.security news group, =?
Utf-8?B?U2NvdHQ=?= <Scott@discussions.microsoft.com> says...

> Is this the article you are referring to Create a Custom Certificate Request.
> Article # 555281 How to create offline L2TP/ IPSec Certificates. This is
> all I can find that is remotely close.


Did you even read Brian's post? He's not referring to any
article, he has detailed the exact steps to do what needs to be
done.

>
> "Brian Komar [MVP]" wrote:
>
> > OK, here is a way to do it (but it is not an easy
> > solution).
> >
> > 1) You need to use certmgr.msc on the Vista Client
> > 2) You need to generate Custom Request in the console
> > (see Create a Custom Certificate Request in the Help
> > file).
> > 3) Best to add Custom subject information (be sure to
> > include an Alternate Name that includes the User
> > Principal Name
> > 4) Save the file to a PKCS#10 request
> >
> > Create a custom v2 certificate template that allows the
> > Subject to be created in the Request. Base it on the
> > template you want to use (for the love of G*D, do not
> > use User <G>) Ensure that the template is available at
> > the CA you are using. Assume it is named VistaUser
> >
> > You now use the Certsrv Web page to submit the request
> > 1) Connect to https://CAName/certsrv
> > 2) Provide credentials from the domain
> > 3) Choose Request a Certificate
> > 4) CHoose Advanced Certificate Request
> > 5) Choose Submit a certificate request by using a base-
> > 64-encoded CMC or PKCS #10 file, or submit a renewal
> > request by using a base-64-encoded PKCS #7 file.
> > 6) Paste the contents of the file created in the first
> > procedure into the Saved Request box
> > 7) Choose the VistaUser template in the Certificate
> > Template sectino
> > 8) Click Submit
> > 9) Save the issued certificate to a PKCS#7 file (all
> > certs in the chain)
> >
> > Go back to the Vista box
> > 1) Import the PKCS#7 file
> > 2) Put all certs in the Personal store (for now)
> > 3) Once the import is complete, move the CA certificates
> > into the appropriate stores (root in the root, all other
> > CAs in the intermediate store
> > 4) Use the certificate
> >
> > Brian
> > P.S. Please do not ask for more detailed steps <G>
> >
> > In article <D85CB163-D832-4D40-B009-B5A28A685BF0
> > @microsoft.com>, Scott@discussions.microsoft.com says...
> > > Haitao,
> > > How about if I am unable to put the PC on the domain. Is there another
> > > option?
> > > I would use certsrv but it fails activeX with windows 2003 Server.
> > >
> > > "Haitao Li" wrote:
> > >
> > > > Yes, the PC needs to be in a domain, and the user needs to be in the same
> > > > domain.
> > > > Run "certmgr.msc", right click "Personal", click "All Tasks"=>"Request new
> > > > certificate"
> > > >
> > > > "Scott" <Scott@discussions.microsoft.com> wrote in message
> > > > news:A5143585-DFDE-4242-A2BE-202A576664FE@microsoft.com...
> > > > > If I am using MMC to get a certificate does the PC need to be part of the
> > > > > domain first? Does anybody have the steps to do this? With a domain or
> > > > > without a domain.
> > > > >
> > >

> >

>


--
Paul Adare
MVP - Windows - Virtual Machine
http://www.identit.ca
"The English language, complete with irony, satire, and sarcasm,
has survived for centuries without smileys. Only the new crop of
modern computer geeks finds it impossible to detect a joke that
is not clearly labeled as such."
Ray Shea
My System SpecsSystem Spec
Old 02-21-2007   #8 (permalink)
Brian Komar [MVP]
Guest


 

Re: Adding a certificate using MMC on a Vista Machine.


Please scroll down.... Jeesh
Brian

In article <1F1B55EE-4FC2-43E7-8B62-
B9C20B35E5CC@microsoft.com>,
Scott@discussions.microsoft.com says...
> Is this the article you are referring to Create a Custom Certificate Request.
> Article # 555281 How to create offline L2TP/ IPSec Certificates. This is
> all I can find that is remotely close.
>
> "Brian Komar [MVP]" wrote:
>
> > OK, here is a way to do it (but it is not an easy
> > solution).
> >
> > 1) You need to use certmgr.msc on the Vista Client
> > 2) You need to generate Custom Request in the console
> > (see Create a Custom Certificate Request in the Help
> > file).
> > 3) Best to add Custom subject information (be sure to
> > include an Alternate Name that includes the User
> > Principal Name
> > 4) Save the file to a PKCS#10 request
> >
> > Create a custom v2 certificate template that allows the
> > Subject to be created in the Request. Base it on the
> > template you want to use (for the love of G*D, do not
> > use User <G>) Ensure that the template is available at
> > the CA you are using. Assume it is named VistaUser
> >
> > You now use the Certsrv Web page to submit the request
> > 1) Connect to https://CAName/certsrv
> > 2) Provide credentials from the domain
> > 3) Choose Request a Certificate
> > 4) CHoose Advanced Certificate Request
> > 5) Choose Submit a certificate request by using a base-
> > 64-encoded CMC or PKCS #10 file, or submit a renewal
> > request by using a base-64-encoded PKCS #7 file.
> > 6) Paste the contents of the file created in the first
> > procedure into the Saved Request box
> > 7) Choose the VistaUser template in the Certificate
> > Template sectino
> > 8) Click Submit
> > 9) Save the issued certificate to a PKCS#7 file (all
> > certs in the chain)
> >
> > Go back to the Vista box
> > 1) Import the PKCS#7 file
> > 2) Put all certs in the Personal store (for now)
> > 3) Once the import is complete, move the CA certificates
> > into the appropriate stores (root in the root, all other
> > CAs in the intermediate store
> > 4) Use the certificate
> >
> > Brian
> > P.S. Please do not ask for more detailed steps <G>

P
My System SpecsSystem Spec
Old 02-22-2007   #9 (permalink)
Scott
Guest


 

Re: Adding a certificate using MMC on a Vista Machine.

Sorry having one of those days

"Brian Komar [MVP]" wrote:

>
> Please scroll down.... Jeesh
> Brian
>
> In article <1F1B55EE-4FC2-43E7-8B62-
> B9C20B35E5CC@microsoft.com>,
> Scott@discussions.microsoft.com says...
> > Is this the article you are referring to Create a Custom Certificate Request.
> > Article # 555281 How to create offline L2TP/ IPSec Certificates. This is
> > all I can find that is remotely close.
> >
> > "Brian Komar [MVP]" wrote:
> >
> > > OK, here is a way to do it (but it is not an easy
> > > solution).
> > >
> > > 1) You need to use certmgr.msc on the Vista Client
> > > 2) You need to generate Custom Request in the console
> > > (see Create a Custom Certificate Request in the Help
> > > file).
> > > 3) Best to add Custom subject information (be sure to
> > > include an Alternate Name that includes the User
> > > Principal Name
> > > 4) Save the file to a PKCS#10 request
> > >
> > > Create a custom v2 certificate template that allows the
> > > Subject to be created in the Request. Base it on the
> > > template you want to use (for the love of G*D, do not
> > > use User <G>) Ensure that the template is available at
> > > the CA you are using. Assume it is named VistaUser
> > >
> > > You now use the Certsrv Web page to submit the request
> > > 1) Connect to https://CAName/certsrv
> > > 2) Provide credentials from the domain
> > > 3) Choose Request a Certificate
> > > 4) CHoose Advanced Certificate Request
> > > 5) Choose Submit a certificate request by using a base-
> > > 64-encoded CMC or PKCS #10 file, or submit a renewal
> > > request by using a base-64-encoded PKCS #7 file.
> > > 6) Paste the contents of the file created in the first
> > > procedure into the Saved Request box
> > > 7) Choose the VistaUser template in the Certificate
> > > Template sectino
> > > 8) Click Submit
> > > 9) Save the issued certificate to a PKCS#7 file (all
> > > certs in the chain)
> > >
> > > Go back to the Vista box
> > > 1) Import the PKCS#7 file
> > > 2) Put all certs in the Personal store (for now)
> > > 3) Once the import is complete, move the CA certificates
> > > into the appropriate stores (root in the root, all other
> > > CAs in the intermediate store
> > > 4) Use the certificate
> > >
> > > Brian
> > > P.S. Please do not ask for more detailed steps <G>

> P
>

My System SpecsSystem Spec
Old 02-22-2007   #10 (permalink)
Guest


 

Re: Adding a certificate using MMC on a Vista Machine.

"Scott" <Scott@discussions.microsoft.com> wrote in message
news:8C447DBE-240E-48B1-A29D-339E692807D7@microsoft.com...
> Sorry having one of those days



And with that apology and admission, you have just made Brian and all the
other MVPs here love you.

Congratulations for having the strength of character to be polite in a
public newsgroup.

Alun.
~~~~


My System SpecsSystem Spec
Reply
Update your Vista Drivers

Thread Tools
Display Modes



Similar Threads
Thread Thread Starter Forum Replies Last Post
Adding SSL-enabled WebDAV with self-signed certificate as a networkdrive matsch Vista General 0 04-29-2008 06:02 AM
Adding Network Printers to a client machine JerryA Vista print fax & scan 3 10-01-2007 01:55 PM
Importing Outlook 2003 Contacts and Mail from an XP machine to a new Vista machine Robert W. Rafferty Vista mail 2 08-31-2007 08:31 PM
Adding certificate to trusted root authority Fahd Ajmal Vista security 1 05-12-2007 09:41 AM
Adding snap-in located on remote machine asnowfall@gmail.com PowerShell 2 01-17-2007 04:33 PM


Complimentary Industry Resources

Vista Forums has joined forces with TradePub.com to offer you a new, exciting, and entirely free professional resource. Visit http://vistax64.tradepub.com today to browse our selection of complimentary Industry magazines, white papers, webinars, podcasts, and more across 34 industry sectors. No credit cards, coupons, or promo codes required. Try it today!




Vista Forums is an independent web site and has not been authorized,
sponsored, or otherwise approved by Microsoft Corporation.
"Windows Vista", the Start Orb, and related materials are trademarks of Microsoft Corp.
© Designer Media 2005-2008

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51