- Mitch Gallant
"Mark A. Richman" <markar...@gmail.com> wrote in message
news:f0dcd49a-447f-4b3b...@17g2000vbf.googlegroups.com...
"Mark A. Richman" <markar...@gmail.com> wrote in message
news:98a6f968-dd05-4a2a...@k19g2000yqg.googlegroups.com...
A couple of issues with capicom: 1) it will not export private keys,
and 2) it pops up the Crypto API dialog box (making unattended
scripting impossible). Any workarounds here? Is certutil a better
option?
Thanks,
Mark
The only private keys that you really need to backup are the ones for your
CAs (which shouldn't change very often so a manual backup should suffice)
and encryption keys which are used to encrypt data that persists. For the
latter, why not simply enable key archival on the CA?
--
Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca
We don't use Certificate Server (if that's required for key archival).
We generally use OpenSSL for self-signed certs, and Entrust for
commercial ones. Can certutil back up private keys?
> We don't use Certificate Server (if that's required for key archival).
> We generally use OpenSSL for self-signed certs, and Entrust for
> commercial ones. Can certutil back up private keys?
I don't believe so no, and I think that whatever solution you may be able
to find is going to be problematic as exporting a private key generally
involves exporting to a PFX file which generally requires a password, which
would involve user input.
"Mark A. Richman" <markar...@gmail.com> wrote in message
news:a50181e5-ffc6-48a9...@e1g2000pra.googlegroups.com...
Can CAPICOM do this? If so, can someone point me to some sample VBScripts
to help with this? I'm a novice at VBScript and totally new to CAPICOM.
thanks,
Rich
(rstr...@ford.com)
> On Tuesday, January 13, 2009 5:38 PM Mitch Gallant wrote:
> You can script Capicom to do this. There is a fairly good example in the
> distribution for Capicom at:
> <install-folder>\samples\vbs\Cstore.vbs
> showing how to export certificates, public+private keys (via pfx) etc..
>
> - Mitch Gallant
>
> "Mark A. Richman" <markar...@gmail.com> wrote in message
> news:f0dcd49a-447f-4b3b...@17g2000vbf.googlegroups.com...
>> On Tuesday, January 13, 2009 8:26 PM Brian Komar \(MVP\) wrote:
>> Just search for CAPICOM. Google or Windows Live are your friend.
>> Brian
>>> On Wednesday, January 14, 2009 12:07 AM Mark A. Richman wrote:
>>> Is there a way to use certutil to export/import the various Windows
>>> certificate stores (My Account, Service Account, Computer Account)?
>>> I'd want to include private keys as well. For disaster recovery, I'd
>>> like to script out this process without having to manually do it in
>>> the MMC snap-in.
>>>> On Wednesday, January 14, 2009 12:07 AM Mark A. Richman wrote:
>>>> Thanks...where can I download Capicom from?
>>>>> On Wednesday, January 14, 2009 9:21 AM Paul Adare wrote:
>>>>> On Tue, 13 Jan 2009 14:18:09 -0800 (PST), Mark A. Richman wrote:
>>>>>
>>>>>
>>>>> The only private keys that you really need to backup are the ones for your
>>>>> CAs (which shouldn't change very often so a manual backup should suffice)
>>>>> and encryption keys which are used to encrypt data that persists. For the
>>>>> latter, why not simply enable key archival on the CA?
>>>>>
>>>>> --
>>>>> Paul Adare
>>>>> MVP - Identity Lifecycle Manager
>>>>> http://www.identit.ca
>>>>>>>> On Tuesday, January 20, 2009 3:00 AM Mark A. Richman wrote:
>>>>>>>> On Jan 13, 8:26=A0pm, "Brian Komar \(MVP\)"
>>>>>>>> <brian.ko...@nospam.identit.ca> wrote:
>>>>>>>> dd05-4a2a-929...@k19g2000yqg.googlegroups.com...
>>>>>>>>
>>>>>>>> A couple of issues with capicom: 1) it will not export private keys,
>>>>>>>> and 2) it pops up the Crypto API dialog box (making unattended
>>>>>>>> scripting impossible). Any workarounds here? Is certutil a better
>>>>>>>> option?
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Mark
>>>>>>>>> On Tuesday, January 20, 2009 3:00 AM Mark A. Richman wrote:
>>>>>>>>> r
>>>>>>>>>
>>>>>>>>> We do not use Certificate Server (if that is required for key archival).
>>>>>>>>> We generally use OpenSSL for self-signed certs, and Entrust for
>>>>>>>>> commercial ones. Can certutil back up private keys?
...as a top posted fullquoted article.
BTW, does anyone still participate in this group?