see sharp RSS 2.0
# Thursday, 11 March 2010

To enable foreign key import on a MS CA you need to set the registry accordingly:

certutil –setreg ca\KRAFlags +KRAF_ENABLEFOREIGN

then, after a restart of the CA service, you can start importing:

certutil -f -importKMS /?
Usage:
  CertUtil [Options] -ImportKMS UserKeyAndCertFile [CertId]
  Import user keys and certificates into server database for key archival
    UserKeyAndCertFile -- Data file containing user private keys and certificates to be archived.  This can be any of the following:
            Exchange Key Management Server (KMS) export file
            PFX file
            Outlook key export (EPF) file
    CertId -- KMS export file decryption certificate match token.  See -store.
    Use -f to import certificates not issued by the CA.
Options:
  -f                -- Force overwrite
  -gmt              -- Display times as GMT
  -seconds          -- Display times with seconds and milliseconds
  -silent           -- Use silent flag to acquire crypt context
  -split            -- Split embedded ASN.1 elements, and save to files
  -v                -- Verbose operation
  -privatekey       -- Display password and private key data
  -config Machine\CAName    -- CA and Machine name string
  -p Password               -- Password
  -symkeyalg SymmetricKeyAlgorithm[,KeyLength] -- Name of Symmetric Key Algorithm with optional key length, example: AES,128 or 3DES
CertUtil -?              -- Display a verb list (command list)
CertUtil -ImportKMS -?   -- Display help text for the "ImportKMS" verb
CertUtil -v -?           -- Display all help text for all verbs

 

Thursday, 11 March 2010 08:51:53 (Mitteleuropäische Zeit, UTC+01:00)  #    -
CA
Archive
<2010 March>
SunMonTueWedThuFriSat
28123456
78910111213
14151617181920
21222324252627
28293031123
45678910
About the author/Disclaimer

Disclaimer
The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.
Any link on this site may lead to an external website that is not under my control and that external website might show an opinion that is not mine.

© Copyright 2018
Hannes Köhler
Sign In
Statistics
Total Posts: 39
This Year: 0
This Month: 0
This Week: 0
Comments: 1
All Content © 2018, Hannes Köhler
DasBlog theme 'Business' created by Christoph De Baene (delarou)