How to publish EFS Certificate in AD

MJ

Distinguished
Apr 6, 2004
61
0
18,630
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

How to publish a locally created (i.e. self-signed) EFS Certificate in Active
Directory ?

I'm not refering to ADUC mmc; there must be command line utility that
end-user simply runs to publish his/her EFS Certificate in AD.

Any idea,

TIA,

Mike
 
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Certutil.exe will do that from command line. You can get the tool by
installing the adminpak (or from a computer with Certificate Services
installed).

The UI alternative is to open your Certificates Snap-in (Start > Run >
certmgr.msc). You'll see a store called "Active Directory User Object."
Right-click it and select "All Tasks" > "Import" to import a certificate from
file; or, if the self-signed certificate is in your Personal store (in the
same snap-in), you can copy/paste it into the ADUO store.

Thanks.
Pat

"MJ" wrote:

> How to publish a locally created (i.e. self-signed) EFS Certificate in Active
> Directory ?
>
> I'm not refering to ADUC mmc; there must be command line utility that
> end-user simply runs to publish his/her EFS Certificate in AD.
>
> Any idea,
>
> TIA,
>
> Mike
 
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Thanks Pat; I'll definitely try certutil.

"Pat Hoffer [MSFT]" wrote:

> Certutil.exe will do that from command line. You can get the tool by
> installing the adminpak (or from a computer with Certificate Services
> installed).
>
> The UI alternative is to open your Certificates Snap-in (Start > Run >
> certmgr.msc). You'll see a store called "Active Directory User Object."
> Right-click it and select "All Tasks" > "Import" to import a certificate from
> file; or, if the self-signed certificate is in your Personal store (in the
> same snap-in), you can copy/paste it into the ADUO store.
>
> Thanks.
> Pat
>
> "MJ" wrote:
>
> > How to publish a locally created (i.e. self-signed) EFS Certificate in Active
> > Directory ?
> >
> > I'm not refering to ADUC mmc; there must be command line utility that
> > end-user simply runs to publish his/her EFS Certificate in AD.
> >
> > Any idea,
> >
> > TIA,
> >
> > Mike