Client certificate question

Answered Question
Mar 24th, 2010

Hello,

I am a novice with certs and I have a question. I want to implement EAP-TLS in a WPA deployment and I have a question about the client-side certificate.

When I install a client certificate on a machine for a specific user, is this certificate only valid for this machine and this user? Or can I export this certificate and use it on another machine for the same user?

Thanks in advance,

Correct Answer
Scott Fella Wed, 03/24/2010 - 06:07

Here is a good link that explains the Microsoft certificate requirements.


http://support.microsoft.com/kb/814394

Correct Answer
Robert.N.Barrett_2 Wed, 03/24/2010 - 09:44

From my experience, you can copy the certificate to another computer (assuming a modern OS).  There are two problems with this, though:


1 - You must be able to export the entire certificate, including the private key, to be able to use the certificate on another machine.  Most PKI implementations prohibit/disable this.


2 - If you can export the certificate, including the private key, then you are risking the loss of integrity of your PKI.  Someone else can get that cert with the private key and impersonate the user.
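
Added example, not part of the thread or of any vendor's code: EAP-TLS authenticates the client with a TLS handshake, and this Go program runs that handshake in memory to show that a certificate copied without its private key is rejected, while the certificate together with its key is accepted. The names `issue`, `trust`, `ServerVerdict`, `radius.example` and `alice` are assumptions, and self-signed test certificates stand in for a real CA.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// issue returns a self-signed certificate with its private key (constructed test identity).
func issue(name string) tls.Certificate {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		DNSNames: []string{name}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth}}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, pub, key)
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

func trust(c tls.Certificate) *x509.CertPool {
	p := x509.NewCertPool()
	p.AddCert(c.Leaf)
	return p
}

// ServerVerdict runs one TLS handshake with mandatory client authentication; nil means accepted.
func ServerVerdict(server, user, presented tls.Certificate) error {
	c, s := net.Pipe()
	defer s.Close()
	cli := tls.Client(c, &tls.Config{Certificates: []tls.Certificate{presented},
		RootCAs: trust(server), ServerName: "radius.example"})
	go func() { cli.Handshake(); c.Close() }()
	// Tickets are off only so the unbuffered pipe never waits on a post-handshake write.
	return tls.Server(s, &tls.Config{Certificates: []tls.Certificate{server}, SessionTicketsDisabled: true,
		ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: trust(user)}).Handshake()
}

func main() {
	server, user := issue("radius.example"), issue("alice")
	copied := tls.Certificate{Certificate: user.Certificate, Leaf: user.Leaf} // certificate without its key
	fmt.Println("certificate + private key:", ServerVerdict(server, user, user))
	fmt.Println("certificate only:         ", ServerVerdict(server, user, copied))
}
```

The server accepts whichever machine presents the certificate with its key and cannot tell one machine from another, which is the impersonation risk in point 2 above.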
