Using MMC to Manage SSL Certificates

how to manage ssl certificates

This document explains how to use the Microsoft Management Console (MMC) to import and export SSL Certificates. There are MANY more uses for the MMC. Please see the MMC Documentation for more info.

NOTE: This document assumes that the "existing certificate" is functional on the machine where the exporting is being done. To verify certificate functionality try to start the Secure Echo Server sample using the certificate, then try to connect to the server using the Secure TCP Client. If you get no errors then the certificate is OK!

Starting the MMC

The Microsoft Management Console (MMC) is part of Windows 2000 and Windows XP. It does not exist in NT or 9x. You may be able to do similar functions using IE, but IE versions vary so we will not discuss that here.

To start the MMC:

  1. Start -> Run -> MMC
  2. Choose File | Add/Remove Snap-in.
  3. Click Add
  4. Select Certificates from the list and click the Add button
  5. Choose Computer account
  6. Choose Local Computer
  7. Click Close
  8. Click OK
  9. Repeat steps 2-8, substituting 'My user account' in step 5 and skipping step 6
  10. Choose File | Save As. and save the settings to an .MSC file

In the future you can skip these steps by double-clicking the MSC file or by choosing the MSC from the history under the File menu.

The Microsoft Management Console (MMC) is part of Windows 2000 and Windows XP. It does not exist in NT or 9x. You may be able to do similar functions using IE, but IE versions vary so we will not discuss that here.

Exporting an Existing Certificate

Follow these steps if you want to save a certificate to a file. The file can then be used to import the certificate to another machine.

To export an existing certificate:

  1. Start the MMC by following the steps above or by clicking the MSC file saved previously
  2. Locate the Certificate that you wish to export. Certificates are using installed under the Personal ("MY") store in either the Local Machine or Current User stores
  3. Right Click on the certificate and choose All Tasks | Export
  4. Click Next
  5. Check 'Yes, export the private key' (If it's grayed out, the certificate can't be moved to another machine)
  6. Click Next
  7. Leave the Default setting at "Enable Strong Protection"
  8. Click Next
  9. Choose a password and click next
  10. Save the PFX file using a filename
  11. Click Next and you should see the

    "Completing the Certificate Export Wizard" screen

  12. Click Finish and you are done

The file you just saved can now be moved to another machine.

Importing a Certificate

Follow these steps if you want to move a certificate from one machine to another.

To export an existing certificate:

  1. Start the MMC by following the steps above or by clicking the MSC file saved previously
  2. Choose the store that you want to import to (EXAMPLE: Local Computer -> Personal)
  3. Right Click on the store and choose All Tasks | Import
  4. Click Next
  5. Browse to the PFX file that was previously saved
  6. Click Next
  7. Enter the password. If you want to allow the certificate to be exported again, check 'Mark this key as exportable'
  8. Click Next
  9. Check 'Place all certificates in the following store'
  10. Click Browse
  11. Check 'Show physical stores'
  12. Choose 'Personal' to store to the Current User store or 'Personal -> Registry' to store to the Local Machine store
  13. Click OK
  14. Click Finish

The certificate is now usable, however unless the CA is already trusted ( which is the case for major Certificate providers ) your users will get notified that the certificate is not trusted. To avoid this go to the Website of the Certificate Authority that originally issued the certificate to obtain the CA.

Note about importing certificates Our implementation requires that a certificate be probably imported into a valid Microsoft Certificate Store. If you are importing a certificate that was created from a non-MS source (such as OpenSSL). please assure that you export the certificate properly before attempting to import it into an MS Cert store. Check the docs for whatever SSL system you are using for this info.

In This Section

Security Overview Provides an overview of basic security concepts such as digital certificates and authentication. PowerTCP Secure Implementation Explained Discusses how security is implemented in PowerTCP SSL Sockets for .NET Creating an SSL Client Discusses how to create an SSL Client using the Tcp component. Creating an SSL Server Discusses how to create an SSL Server using the Server component. Using the CertificateListForm Object Demonstrates how to use the CertificateListForm to assist users in selecting a certificate. Using MMC to Manage SSL Certificates Discusses how to use the Microsoft Management Console to manage SSL certificates. Simple Encryption/Decryption Demonstrates how to use the SymmetricCryptoStream to encrypt/decrypt stream-based data. Windows 95/98 Security Compatibility Discusses compatibility issues with Windows 95 and 98. Sockets Security Menu block

Documentation version 1.1.2.0.

Source: www.dart.com

Category: Insurance

Similar articles: