PKI, domain certificates and key archival
Hi!
I tested key archival configuration. I think I know how certificates are stored and where...
Private keys should be stored in the user profile - right?
And then there are standard domain certificates - i.e. for users. How is it possible that a user certificate roams with the user from station to station? It means that the private key is stored in AD - or where else? But it works even if there is no folder redirection or key archival...
Can anyone explain to me [or pass a link] how the hell the private key is stored in which scenarios? If I install an external cert with a private key for a user - should it automatically roam with the user? What is the purpose of the key archive after all - if the cert is somewhere in AD anyway, if a user lost a cert on one comp she may simply log on to another computer...
got lost a bit /:-o((: Leliv
December 20th, 2012 6:18am
This is probably a good start:
http://blogs.technet.com/b/askds/archive/2009/01/06/certs-on-wheels-understanding-credential-roaming.aspx
The best term to search on is 'credential roaming'.
Cheers
JJ
Jason Jones | Microsoft MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
December 20th, 2012 8:42am
C'est ca!
It's exactly what I was looking for! Thx!
-o((: Leliv
December 20th, 2012 9:14am