Project

General

Profile

Storing a Windows 7 Machine Certificate » History » Version 5

Martin Willi, 20.01.2009 11:14
corrected a typo

1 1 Martin Willi
2 5 Martin Willi
h1. Storing a Windows 7 Machine Certificate
3 1 Martin Willi
4 5 Martin Willi
5 5 Martin Willi
First call up the _Microsoft Management Console_ (mmc) and add the Certificates Snap-In:
6 5 Martin Willi
7 1 Martin Willi
[[Image(htdocs:snapin_add.png)]]
8 1 Martin Willi
9 5 Martin Willi
It is of the *utmost importance* that you select _Computer account_:
10 1 Martin Willi
11 1 Martin Willi
[[Image(htdocs:snapin_computer_account.png)]]
12 1 Martin Willi
13 5 Martin Willi
Go into the _Certificates (Local Computer) / Personal / Certificates_ folder 
14 1 Martin Willi
15 1 Martin Willi
[[Image(htdocs:snapin_personal_certificates.png)]]
16 1 Martin Willi
17 5 Martin Willi
and select the _Import_ action which will start the _Certificate Import Wizard_: 
18 1 Martin Willi
19 1 Martin Willi
[[Image(htdocs:cert_import_wizard.png)]]
20 1 Martin Willi
21 5 Martin Willi
*Never double-click* on a PKCS12 certificate file because the content will end
22 5 Martin Willi
up in the _current user_ instead of the _local computer_ part of the Windows registry
23 5 Martin Willi
and will not be available for IPsec. A PKCS12 container stores an _end entity certificate_,
24 5 Martin Willi
a corresponding _private key_ and usually the _Root CA certificate_ or the whole CA trust chain.
25 5 Martin Willi
It is recommended to store all this information in the _Personal_ certificate store first and to move
26 2 Martin Willi
the Root CA certificate to the correct location later on.
27 1 Martin Willi
28 1 Martin Willi
[[Image(htdocs:cert_import_wizard_store.png)]]
29 1 Martin Willi
30 1 Martin Willi
Select the PKCS12 (*.p12) certificate file to be imported:
31 1 Martin Willi
32 1 Martin Willi
[[Image(htdocs:cert_import_wizard_path.png)]]
33 2 Martin Willi
34 2 Martin Willi
You are prompted for the passphrase the PKCS12 container is protected  with:
35 2 Martin Willi
36 2 Martin Willi
[[Image(htdocs:cert_import_wizard_passphrase.png)]]
37 2 Martin Willi
38 2 Martin Willi
After the successful PKCS12 import the Root CA certificate can be moved to the
39 5 Martin Willi
_Trusted Root Certification Authorities / Certificates_ folder: 
40 2 Martin Willi
41 2 Martin Willi
[[Image(htdocs:snapin_trusted_ca_certificates.png)]]
42 2 Martin Willi
43 5 Martin Willi
Double-clicking on the _end entity certificate_ left in the _Personal / Certificates_ folder
44 3 Martin Willi
shows that a corresponding private key is present in the registry:
45 2 Martin Willi
46 2 Martin Willi
[[Image(htdocs:cert_general.png)]]
47 2 Martin Willi
48 3 Martin Willi
and that a valid certificate trust path has been established:
49 2 Martin Willi
50 2 Martin Willi
[[Image(htdocs:cert_trust_path.png)]]