HI

I Have repackaged a set of certificates used for a web based application with wise

The problem I have is during the deployment of the msi.

the msi deploys ok on some client pc 's but not on other pc's with exactly the same build.

all the individual clients have the same admin rights
the op is win 2000

the error that I am getting is error 1406 " could not write value certificates to key"

hkcu/software/microsoft/systemcertificates/root/protectedroots

please any ideas will be much appreciated
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Answers

0
Only SYSTEM have write permission to this key

[8|]
Answered 04/10/2005 by: Bartesque
Orange Senior Belt

Please log in to comment
0
Import the certificate as a custom action, run in the deferred system context would be my suggestion, see this site:

http://weblogs.asp.net/hernandl/archive/2005/02/09/WinHttpCertCfgTool.aspx

Snapshotting the importation of a certificate is Bad News in my opinion.
Answered 04/12/2005 by: plangton
Second Degree Blue Belt

Please log in to comment
0
I know this prob doesnt help, but have u thought of installing the required certs via GP?
Might prove to be a more reliable way.
Answered 04/13/2005 by: rahvintzu
Orange Senior Belt

Please log in to comment
0
thanks all for the pointers
Answered 04/13/2005 by: cygan
Fifth Degree Brown Belt

Please log in to comment
1
I have the following solution to implement a certificate:

1. Download the .Net SDK which contains the certmgr.exe tool.
2. put the certmgr.exe tool and the certificate.cer in one folder
3. use the following commandline parameter:

certmgr.exe -add -all certifcatename.cer -s -r localmachine Root

you can wrap this up in a msi or whatever you like....

greetz,

Jeroen
Answered 07/28/2005 by: jaybee96
Red Belt

Please log in to comment
0
certmgr.exe -add -all certifcatename.cer -s -r localmachine Root

Works like a charm. Thanks so much for this hint!
And to make things easy, here the download link.
Answered 07/29/2005 by: KPrinz
Fourth Degree Green Belt

Please log in to comment
-1
Nice pickup Jeroen :)

I have to ask though.......does running that command allow users to install any certificate on the workstation?

If it does then its not a real good solution for a locked down environments because users might visit a website and install certificates that may be dangerous to the enterprise. Having users installing certificates from websites that install browser hijacks could be very embarrassing indeed.
Answered 07/29/2005 by: MSIMaker
Second Degree Black Belt

Please log in to comment
0
To be able to "install" an certificate you must have local administrative privilege which seems to be the case of cygan's users. This wouldn't work in a lookdown environment.

I would use a certificate server that publish the certificate to the end user, which will also do the trick to change the certificate when needed in a easier manner.
Answered 07/29/2005 by: AngelD
Red Belt

Please log in to comment
0
ORIGINAL: MSIMaker
I have to ask though.......does running that command allow users to install any certificate on the workstation?


Uh?
certmgr.exe is the command line tool to the Certificate Import Wizard that you run from inside IE. Nothing else. It just does the same thing on a cmd line to run it from a script.
Answered 08/01/2005 by: KPrinz
Fourth Degree Green Belt

Please log in to comment
Answer this question or Comment on this question for clarity