Skip to content
Certs from Windows certificate store?
Got a problem with Viscosity or need help? Ask here!
Does Viscosity support using certs from the local Windows certificate store?
I saw this topic from 2013, but I was wondering if anything has changed?
Also, to somewhat continue the discussion from that thread, I'd like to point out that there are two certificate stores on Windows. A user certificate store and a computer certificate store. We deploy computer certificates to each computer for things like 802.1x auth. It'd be nice to use this cert in Viscosity for OpenVPN.
If you're not familiar (it looks like you guys use Macs primarily?), you can access the computer store by launching certlm.msc from the Start menu.
Additionally, the certificate and its private key can be exported by the "SYSTEM" user. As proof-of-concept, I created a scheduled task to run this PowerShell script as SYSTEM:
I saw this topic from 2013, but I was wondering if anything has changed?
Also, to somewhat continue the discussion from that thread, I'd like to point out that there are two certificate stores on Windows. A user certificate store and a computer certificate store. We deploy computer certificates to each computer for things like 802.1x auth. It'd be nice to use this cert in Viscosity for OpenVPN.
If you're not familiar (it looks like you guys use Macs primarily?), you can access the computer store by launching certlm.msc from the Start menu.
Additionally, the certificate and its private key can be exported by the "SYSTEM" user. As proof-of-concept, I created a scheduled task to run this PowerShell script as SYSTEM:
Code: Select all
That created a PKCS#12 bundle containing the cert and private key. I used Task Scheduler because it's the only way I know of to force something to run as SYSTEM.$mypwd = ConvertTo-SecureString -String "1234" -Force -AsPlainText
Get-ChildItem -Path cert:\LocalMachine\My\A56EA518E4020FF65959E79A9D096DC99F976449 | Export-PfxCertificate -FilePath C:\mypfx.pfx -Password $mypwd
Hi trj,
While that post is quite old, I'm afraid cryptocertapi through OpenVPN is still the only way to access certificates from the Windows certificate store and only the local machine's store can be used due to OpenVPN not being run as a user.
http://sparklabs.com/support/kb/article ... ptoapicert
We are planning on adding direct compatibility between Viscosity and Windows crypto stores in a future release.
Regards,
Eric
While that post is quite old, I'm afraid cryptocertapi through OpenVPN is still the only way to access certificates from the Windows certificate store and only the local machine's store can be used due to OpenVPN not being run as a user.
http://sparklabs.com/support/kb/article ... ptoapicert
We are planning on adding direct compatibility between Viscosity and Windows crypto stores in a future release.
Regards,
Eric
Eric Thorpe
Viscosity Developer
Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs
Viscosity Developer
Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs
3 posts
Page 1 of 1