Project

General

Profile

Storing a Windows 7 Machine Certificate » History » Version 2

« Previous - Version 2/9 (diff) - Next » - Current version
Martin Willi, 20.01.2009 07:24
Completed Win7Certs page


= Storing a Windows 7 Machine Certificate =

First call up the ''Microsoft Management Console'' (mmc) and add the Certificates Snap-In:

[[Image(htdocs:snapin_add.png)]]

It is of the '''utmost importance''' that you select ''Computer account'':

[[Image(htdocs:snapin_computer_account.png)]]

Go into the ''Certificates (Local Computer) / Personal / Certificates'' folder

[[Image(htdocs:snapin_personal_certificates.png)]]

and select the ''Import'' action which will start the ''Certificate Import Wizard'':

[[Image(htdocs:cert_import_wizard.png)]]

'''Never double-click''' on a PKCS12 certificate file because the content will end
up in the ''current user'' instead of the ''local computer'' part of the Windows registry
and will not be available for IPsec. A PKCS12 container stores an ''end entity certificate'',
a corresponding ''private key'' and usually the ''Root CA certificate'' or the whole CA trust chain.
It is recommended to store all this information in the ''Personal'' certificate store firt and to move
the Root CA certificate to the correct location later on.

[[Image(htdocs:cert_import_wizard_store.png)]]

Select the PKCS12 (*.p12) certificate file to be imported:

[[Image(htdocs:cert_import_wizard_path.png)]]

You are prompted for the passphrase the PKCS12 container is protected with:

[[Image(htdocs:cert_import_wizard_passphrase.png)]]

After the successful PKCS12 import the Root CA certificate can be moved to the
''Trusted Root Certification Authorities / Certificates'' folder:

[[Image(htdocs:snapin_trusted_ca_certificates.png)]]

Double-clicking on the end entity certificate left in the ''Personal / Certificates'' folder
the a corresponding private key is present in the registry:

[[Image(htdocs:cert_general.png)]]

and that a valid trust path has been established:

[[Image(htdocs:cert_trust_path.png)]]