Guest michele.gullia@gmail.com Posted May 22, 2008 Posted May 22, 2008 Hi to all. This is my first post and my first step to the PKI knowledge. Someone have asked me if there is a way to make the Root Certificate not exportable so only the one who have installed this certificate in the machine can access via PEAP to the wifi network and in the same time the user cannot pass this certificate to another PC. A kind of security enanchement. Ok...i think i have the answer and it's NO, but to be honest I'm too new to this topic and I wont to be sure. Thank for your intrest and sorry for my bad english Quote
Guest S. Pidgorny Posted May 23, 2008 Posted May 23, 2008 You're right - the answer is resounding no. Certificate is public information. It is presented to anybody requesting PEAP connection. What you're looking for if protected private key. Use EAP-TLS instead of PEAP, put the client certificate (along with private key) on a smart card and that achieves the outlined goal. -- Svyatoslav Pidgorny, MS MVP - Security, MCSE -= F1 is the key =- http://sl.mvps.org http://msmvps.com/blogs/sp <michele.gullia@gmail.com> wrote in message news:f8501c23-1edd-4300-a1d3-e7b63168714c@z72g2000hsb.googlegroups.com...<span style="color:blue"> > Hi to all. This is my first post and my first step to the PKI > knowledge. > Someone have asked me if there is a way to make the Root Certificate > not exportable so only the one who have installed this certificate in > the machine can access via PEAP to the wifi network and in the same > time the user cannot pass this certificate to another PC. > A kind of security enanchement. > Ok...i think i have the answer and it's NO, but to be honest I'm too > new to this topic and I wont to be sure. > > Thank for your intrest and sorry for my bad english </span> Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.