SparkLabs Forum.

Community Help.


Certs from Windows certificate store?

Does Viscosity support using certs from the local Windows certificate store?

I saw this topic from 2013, but I was wondering if anything has changed?

Also, to somewhat continue the discussion from that thread, I'd like to point out that there are two certificate stores on Windows. A user certificate store and a computer certificate store. We deploy computer certificates to each computer for things like 802.1x auth. It'd be nice to use this cert in Viscosity for OpenVPN.

If you're not familiar (it looks like you guys use Macs primarily?), you can access the computer store by launching certlm.msc from the Start menu.

Additionally, the certificate and its private key can be exported by the "SYSTEM" user. As proof-of-concept, I created a scheduled task to run this PowerShell script as SYSTEM:

Code: Select all

$mypwd = ConvertTo-SecureString -String "1234" -Force -AsPlainText
Get-ChildItem -Path cert:\LocalMachine\My\A56EA518E4020FF65959E79A9D096DC99F976449 | Export-PfxCertificate -FilePath C:\mypfx.pfx -Password $mypwd


That created a PKCS#12 bundle containing the cert and private key. I used Task Scheduler because it's the only way I know of to force something to run as SYSTEM.
Hi trj,

While that post is quite old, I'm afraid cryptocertapi through OpenVPN is still the only way to access certificates from the Windows certificate store and only the local machine's store can be used due to OpenVPN not being run as a user.

http://sparklabs.com/support/kb/article ... ptoapicert

We are planning on adding direct compatibility between Viscosity and Windows crypto stores in a future release.

Regards,
Eric
Wonderful - that is probably better than trying to extract the cert from the store. Many thanks!
3 posts Page 1 of 1

Copyright © 2016 SparkLabs Pty Ltd. All Rights Reserved. Privacy Policy