This may seem a bit strange, but here is what I am looking to do. I am planning to use a WEB/SSL VPN to secure a business web app. For security, I will be using certificates to authenticate the WEBVPN user. This may be a somewhat cheesy way, but I am using MS CA on Server 2003, and IAS for authentication control. The remote users will be domain members only for certificate/IAS purposes. What I need to do is to create their user certificates and be able to email them the .pfx files. The problem is that I cannot figure out how to get the certificate with the private key while marking the public key non-exportable. I know I can just have a workstation request the cert for each user and export it, but to make that work, I have to have the keys marked exportable in my CA, which is what I very much need to avoid. How can I go about this so that I (not the end user, since they will have NO access to my CA server) can create their certificate, which will be non-exportable, and still get the private key/PFX file to be able to send to them to install?
2003 CA create non exportable PFX