Server 2003 R2 (file server)
Server 2003 Certificate server
We have a user Cindy who when she encrypts a file on the server via a drive share, the certificate used is one that is revoked.
We want to give her a new certificate.
This is what we have tryed
1) Cindy has logged onto the server directly, run certmgr and removed her certificates.
2) Cindy then navigated to the crypto folder and deleted all entries there.
3) She then requested a new certificate via cert mgr.
4) She then logged into her workstation and encrypted a file on the file server.
5) We looked at the certificate used and it was the old one.
we did all the same as above for her local machine and that did not work either.
we logged onto the certificate
server and ran the Certificate manager. we found the particular certificate as a revoked certificate. The software does not allow deletion of a certificate.
The real question is this.
How do we control what certificate is used in an encryption scenario when a user encrypts a file through a file share onto a file server?
We had a microsoft representative remote access our servers for two days and could not solve this issue.
It is a simple question. I would be greatful to anyone who can shed some light on this issue. I have read just about every microsoft publication on how encryption works. But no documents i have found yet speaks unambiguously on how to "control" which certificate is used to encrypt a file.
- Edited by JerryCic Thursday, March 18, 2010 4:30 AM