Project

General

Profile

Storing a Windows 7 Machine Certificate » History » Version 2

Martin Willi, 20.01.2009 07:24
Completed Win7Certs page

1 2 Martin Willi
= Storing a Windows 7 Machine Certificate =
2 1 Martin Willi
3 1 Martin Willi
First call up the ''Microsoft Management Console'' (mmc) and add the Certificates Snap-In:
4 1 Martin Willi
5 1 Martin Willi
[[Image(htdocs:snapin_add.png)]]
6 1 Martin Willi
7 1 Martin Willi
It is of the '''utmost importance''' that you select ''Computer account'':
8 1 Martin Willi
9 1 Martin Willi
[[Image(htdocs:snapin_computer_account.png)]]
10 1 Martin Willi
11 1 Martin Willi
Go into the ''Certificates (Local Computer) / Personal / Certificates'' folder 
12 1 Martin Willi
13 1 Martin Willi
[[Image(htdocs:snapin_personal_certificates.png)]]
14 1 Martin Willi
15 1 Martin Willi
and select the ''Import'' action which will start the ''Certificate Import Wizard'': 
16 1 Martin Willi
17 1 Martin Willi
[[Image(htdocs:cert_import_wizard.png)]]
18 1 Martin Willi
19 1 Martin Willi
'''Never double-click''' on a PKCS12 certificate file because the content will end
20 1 Martin Willi
up in the ''current user'' instead of the ''local computer'' part of the Windows registry
21 2 Martin Willi
and will not be available for IPsec. A PKCS12 container stores an ''end entity certificate'',
22 2 Martin Willi
a corresponding ''private key'' and usually the ''Root CA certificate'' or the whole CA trust chain.
23 2 Martin Willi
It is recommended to store all this information in the ''Personal'' certificate store firt and to move
24 2 Martin Willi
the Root CA certificate to the correct location later on.
25 1 Martin Willi
26 1 Martin Willi
[[Image(htdocs:cert_import_wizard_store.png)]]
27 1 Martin Willi
28 2 Martin Willi
Select the PKCS12 (*.p12) certificate file to be imported:
29 1 Martin Willi
30 1 Martin Willi
[[Image(htdocs:cert_import_wizard_path.png)]]
31 2 Martin Willi
32 2 Martin Willi
You are prompted for the passphrase the PKCS12 container is protected  with:
33 2 Martin Willi
34 2 Martin Willi
[[Image(htdocs:cert_import_wizard_passphrase.png)]]
35 2 Martin Willi
36 2 Martin Willi
After the successful PKCS12 import the Root CA certificate can be moved to the
37 2 Martin Willi
''Trusted Root Certification Authorities / Certificates'' folder: 
38 2 Martin Willi
39 2 Martin Willi
[[Image(htdocs:snapin_trusted_ca_certificates.png)]]
40 2 Martin Willi
41 2 Martin Willi
Double-clicking on the end entity certificate left in the ''Personal / Certificates'' folder
42 2 Martin Willi
 the a corresponding private key is present in the registry:
43 2 Martin Willi
44 2 Martin Willi
[[Image(htdocs:cert_general.png)]]
45 2 Martin Willi
46 2 Martin Willi
and that a valid trust path has been established:
47 2 Martin Willi
48 2 Martin Willi
[[Image(htdocs:cert_trust_path.png)]]