I have successfully distributed a couple of private certificates by GPO
to a set of machines in an OU.
[ The certs were created with MS Office MakeCert ]
GPO puts the certs into the container Computer \ Trusted Root
Certificate Store.
In order for users to trust the signed code in an Excel Macro, they are
still being asked to INSTALL the certificate when opening the
spreadsheet.
The only apparent effect / benefit gained from the GPO distribution is
that the cert properties show the cert is trusted, rather than unknown.
IS THERE A SENSIBLE METHOD FOR DISTRIBUTING CERTIFICATES TO USERS SO
THEY DO NOT HAVE TO MANUALLY INSTALL WHEN THEY FIRST ENCOUNTER THE
SPREADSHEET ?
I have identified that the MS tools CertMgr and CertUtil both have the
capacity to extract certs from stores and add certs to stores. This
would be great, but:
DOES ANYONE HAVE A COMPREHENSIVE LIST OF CERTIFICATE STORE NAMES ?
Using an XPsp3 PC, an arbitrary Certificates MMC covering Local
Computer and Current User exposes some 11 cert stores, but does not
reveal their names..... Extensive research has harvested 4 storenames so
far:
- *root*, *ca*, *trust *and *my*
CertMgr has a flag -s to indicate a referenced store is a system
store [presumably system==Local Computer, as opposed to Current User]
whilst CertUtil has a -user option which probably performs the
complementary differentiator function.
Please could some clever person offer assistance ?
cheers
Nick
--
Uncle_Nick
------------------------------------------------------------------------
Uncle_Nick's Profile:
http://forums.techarena.in/members/71921.htm
View this thread:
http://forums.techarena.in/windows-security/1164678.htm
http://forums.techarena.in
FAQ
Search
Profile
Private Messages
Log in
Windows XP