Repackaging Certificates
HI
I Have repackaged a set of certificates used for a web based application with wise
The problem I have is during the deployment of the msi.
the msi deploys ok on some client pc 's but not on other pc's with exactly the same build.
all the individual clients have the same admin rights
the op is win 2000
the error that I am getting is error 1406 " could not write value certificates to key"
hkcu/software/microsoft/systemcertificates/root/protectedroots
please any ideas will be much appreciated
I Have repackaged a set of certificates used for a web based application with wise
The problem I have is during the deployment of the msi.
the msi deploys ok on some client pc 's but not on other pc's with exactly the same build.
all the individual clients have the same admin rights
the op is win 2000
the error that I am getting is error 1406 " could not write value certificates to key"
hkcu/software/microsoft/systemcertificates/root/protectedroots
please any ideas will be much appreciated
0 Comments
[ + ] Show comments
Answers (9)
Please log in to answer
Posted by:
jaybee96
18 years ago
I have the following solution to implement a certificate:
1. Download the .Net SDK which contains the certmgr.exe tool.
2. put the certmgr.exe tool and the certificate.cer in one folder
3. use the following commandline parameter:
certmgr.exe -add -all certifcatename.cer -s -r localmachine Root
you can wrap this up in a msi or whatever you like....
greetz,
Jeroen
1. Download the .Net SDK which contains the certmgr.exe tool.
2. put the certmgr.exe tool and the certificate.cer in one folder
3. use the following commandline parameter:
certmgr.exe -add -all certifcatename.cer -s -r localmachine Root
you can wrap this up in a msi or whatever you like....
greetz,
Jeroen
Posted by:
plangton
19 years ago
Import the certificate as a custom action, run in the deferred system context would be my suggestion, see this site:
http://weblogs.asp.net/hernandl/archive/2005/02/09/WinHttpCertCfgTool.aspx
Snapshotting the importation of a certificate is Bad News in my opinion.
http://weblogs.asp.net/hernandl/archive/2005/02/09/WinHttpCertCfgTool.aspx
Snapshotting the importation of a certificate is Bad News in my opinion.
Posted by:
rahvintzu
19 years ago
I know this prob doesnt help, but have u thought of installing the required certs via GP?
Might prove to be a more reliable way.
Might prove to be a more reliable way.
Posted by:
KPrinz
18 years ago
certmgr.exe -add -all certifcatename.cer -s -r localmachine Root
Works like a charm. Thanks so much for this hint!
And to make things easy, here the download link.
Posted by:
AngelD
18 years ago
To be able to "install" an certificate you must have local administrative privilege which seems to be the case of cygan's users. This wouldn't work in a lookdown environment.
I would use a certificate server that publish the certificate to the end user, which will also do the trick to change the certificate when needed in a easier manner.
I would use a certificate server that publish the certificate to the end user, which will also do the trick to change the certificate when needed in a easier manner.
Posted by:
KPrinz
18 years ago
ORIGINAL: MSIMaker
I have to ask though.......does running that command allow users to install any certificate on the workstation?
Uh?
certmgr.exe is the command line tool to the Certificate Import Wizard that you run from inside IE. Nothing else. It just does the same thing on a cmd line to run it from a script.
Posted by:
MSIMaker
18 years ago
Nice pickup Jeroen :)
I have to ask though.......does running that command allow users to install any certificate on the workstation?
If it does then its not a real good solution for a locked down environments because users might visit a website and install certificates that may be dangerous to the enterprise. Having users installing certificates from websites that install browser hijacks could be very embarrassing indeed.
I have to ask though.......does running that command allow users to install any certificate on the workstation?
If it does then its not a real good solution for a locked down environments because users might visit a website and install certificates that may be dangerous to the enterprise. Having users installing certificates from websites that install browser hijacks could be very embarrassing indeed.
Rating comments in this legacy AppDeploy message board thread won't reorder them,so that the conversation will remain readable.