Current Status of Windows User Certificate Store Support
Hi,
I would like to know if there has been any progress on having Viscosity access the Windows built-in certificate store at the user level, or anything coming in the future?
Issue
cryptoapicert can only access the MACHINE store and the service account user store.
Our use case:
Certificates are issued by ADCS to the users automatically and are stored in their personal store.
OpenVPN server checks the username against the certificate CN.
User-level certificates can be easily revoked.
Thank you in advance!
Hi mujjy,
The cryptoapicert command will check both the System/Machine store and the user who is running Viscosity; this has been the case for some time with Viscosity.
The service will first check the system store for a matching credential. If it is not found, you should see the following in the log, and then Viscosity will check the local user's store for a matching credential:
Code:
Failed to find object in LocalMachine/Administrator CryptoAPI. Falling back to search CurrentUser...
You will need to ensure there are no matching certificates in the machine store, and that Viscosity.exe is running as the correct user.
Just to clarify as well, a credential must be stored to work with the cryptoapicert command, i.e. a PFX/P12 file containing both the user's certificate and key, not just a certificate.
If you're having issues, please feel free to post a complete copy of your log - https://sparklabs.com/support/kb/articl ... ed-logging
Regards,
Eric
Eric Thorpe
Viscosity Developer
Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs
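Added example, not part of the original thread and not Viscosity or OpenVPN code: a PowerShell check of the two conditions named in the reply above (no matching certificate in the machine store, and a private key stored alongside the user's certificate). Assumptions: the certificates sit in the Personal ("My") store, $Selector is a hypothetical parameter holding a subject fragment or a thumbprint, and the substring match only approximates how cryptoapicert selects a certificate.

```powershell
# Added example. Run it as the same Windows user that runs Viscosity.exe.
# $Selector (hypothetical name): part of the certificate subject, or a thumbprint.
param(
    [Parameter(Mandatory)][string]$Selector
)

# Search order described in the reply: machine store first, then the current user.
# The "My" (Personal) store location is an assumption of this example.
$stores = 'Cert:\LocalMachine\My', 'Cert:\CurrentUser\My'
$needle = ($Selector -replace '\s', '').ToUpperInvariant()

$found = foreach ($store in $stores) {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object {
            $_.Thumbprint -eq $needle -or
            $_.Subject.IndexOf($Selector, [StringComparison]::OrdinalIgnoreCase) -ge 0
        } |
        ForEach-Object {
            [pscustomobject]@{
                Store         = $store
                Subject       = $_.Subject
                Thumbprint    = $_.Thumbprint
                HasPrivateKey = $_.HasPrivateKey
                NotAfter      = $_.NotAfter
                Expired       = $_.NotAfter -lt (Get-Date)
            }
        }
}

if (-not $found) {
    Write-Warning "No certificate matching '$Selector' in either store."
    return
}
$found | Format-Table -AutoSize

# A machine-store match is found first, so the user's certificate is never reached.
$machine = @($found | Where-Object Store -like '*LocalMachine*')
if ($machine.Count -gt 0) {
    Write-Warning 'A matching certificate exists in the machine store; it is checked before the user store.'
}

# A certificate imported without its key (for example a .cer file) is not a usable credential.
$found | Where-Object { -not $_.HasPrivateKey } | ForEach-Object {
    Write-Warning "$($_.Thumbprint) in $($_.Store) has no private key stored with it."
}
```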