[Openvpn-users] Does openvpn support grabbing certs from IE's "store"

  • From: Jason Haar <Jason.Haar@xxxxxxxxxxxxx>
  • Date: Sat, 04 Dec 2004 18:55:06 +1300

Actually - it's not "IE store" - it'd be some form of Windows API - but that's certainly the way we refer to it :-)

We use Cisco VPN client, and it has the ability to use any certs that are stored within the Windows "cert store" (sorry, I assume there's a proper name for it - I've never looked). This is great because if you run WinXP, the private key is encrypted within the Registry, and is decrypted using your Active Directory password - i.e. once you've logged in, the cert "appears" to not be password-protected (when in fact it is).

This is sort of related to the "askpasswd file" thread; I think support for this API would be yet another reason *not* to implement an "askpasswd file" option - if you use the API under Windows - you don't need the password.

(and please - no venting comments about Microsoft not knowing how to implement things until you read up on the topic! They haven't done a bad job in this area. Certainly encrypted Registry APIs make doing things "securely" on Windows laptops a LOT EASIER than doing the same level of security on a Linux laptop.)


Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

