Publish user certificate to an AD contact


Marten

May 15, 2008, 8:50:01 AM
Hi,
I try to publish a user certificate to a contact object in AD with the
following command:

certutil -dspublish c:\robert.cer CN=Robert,OU=External,DC=Domain,DC=Net?userCertificate

I receive the following error:
CertUtil: -dsPublish command FAILED: 0x80070057 (WIN32: 87)
CertUtil: The parameter is incorrect.

The certificate is OK and trusted. Is this the right syntax, or is
something else wrong here?

Thanks in advance /Marten

Brian Komar (MVP)

May 15, 2008, 2:30:39 PM
The dspublish is used to publish CA certificates, not user certificates.
It has specific containers that can be used (RootCA, SubCA, CrossCA,
NTAuthCA).
Brian

"Marten" <Mar...@discussions.microsoft.com> wrote in message
news:1EBCB478-4796-43C4...@microsoft.com...

Marten

May 17, 2008, 2:08:01 PM
Hmm strange, according to this article it should work

http://msexchangeteam.com/archive/2008/04/23/448761.aspx

Do you know another way to do this?

Thanks for your help /Marten

Paul Adare

May 17, 2008, 2:30:15 PM
On Sat, 17 May 2008 11:08:01 -0700, Marten wrote:

> Hmm strange, according to this article it should work
>
> http://msexchangeteam.com/archive/2008/04/23/448761.aspx
>
> Do you know another way to do this?

Do you have permissions to write to the userCertificate attribute for the
contact object in question?

--
Paul Adare
http://www.identit.ca
One man's constant is another man's variable. -- Perlis

Marten

May 18, 2008, 5:48:01 AM
Yes (enterprise admin), it works if I use "user" as the command switch
instead of the full DN. But of course, then the certificate gets published to the
logged-on user, not the contact.

Thanks /Marten

Saurav Sinha [MSFT]

May 27, 2008, 7:52:52 PM
You can try the following:

certutil -addstore "CN=Robert,OU=External,DC=Domain,DC=Net?userCertificate?base" c:\robert.cer

Saurav Sinha [MSFT]

May 27, 2008, 8:00:47 PM
One clarification (forgot to add the ldap:/// prefix in the previous reply):

certutil -addstore "ldap:///CN=Robert,OU=External,DC=Domain,DC=Net?userCertificate?base" c:\robert.cer
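
A check that can be run after the certutil -addstore command above to confirm the certificate landed on the contact object and not on the logged-on user. This is an added example, not part of the original thread; it assumes PowerShell 5 or later on a domain-joined machine, and its parameter names are illustrative while the DN and file path are the ones used in the thread.

```powershell
# Added example: verify that the certificate in a .cer file is present in the
# userCertificate attribute of one specific AD object (here, the contact).
param(
    [string]$TargetDn = 'CN=Robert,OU=External,DC=Domain,DC=Net',  # DN from the thread
    [string]$CertPath = 'C:\robert.cer'                            # file from the thread
)
$ErrorActionPreference = 'Stop'
Add-Type -AssemblyName System.DirectoryServices

# The certificate we expect to find on the object.
$expected = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CertPath)

# Serverless LDAP bind with the current credentials; load only what we need.
$entry = [System.DirectoryServices.DirectoryEntry]::new("LDAP://$TargetDn")
$entry.RefreshCache([string[]]@('objectClass', 'userCertificate'))
Write-Host "Target object class: $($entry.SchemaClassName)"

# userCertificate is multi-valued; each value is one DER-encoded certificate.
$matched = $false
foreach ($raw in $entry.Properties['userCertificate']) {
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$raw)
    $isMatch = $cert.Thumbprint -eq $expected.Thumbprint
    if ($isMatch) { $matched = $true }

    # One row per stored certificate, so stale or unexpected entries are visible.
    [pscustomobject]@{
        Subject    = $cert.Subject
        Issuer     = $cert.Issuer
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        Expired    = $cert.NotAfter -lt (Get-Date)
        Expected   = $isMatch
    }
}

if (-not $matched) {
    Write-Warning "Certificate $($expected.Thumbprint) is not in userCertificate on $TargetDn"
    exit 1
}
```

Rows with Expected = False are certificates already on the object that did not come from the file being checked, and are worth reviewing before mail clients start encrypting to them.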
