Pull from "Computer Certificates" instead of "User Certificates" #24

Open
Josh-Weston opened this issue Sep 19, 2019 · 8 comments

@Josh-Weston

I read through the API documentation, but could not find an explicit mention of this. I am looking for a way to specify that the certificates should be pulled from the Local Computer's certificates instead of the Current User's certificates (see snapshot).


@ukoloff
Owner

ukoloff commented Sep 20, 2019

You are right:

Only current user certificates are accessible using this method, not the local machine store.

(see the whole story).

I hope a way to fetch the computer's certificates exists. But should we mess with it?

For example, on my computer there are 59 User certificates and 58 Computer ones. I doubt someone ever installed 58 certificates into my user account. Not me. So, I think, Computer certificates are automagically included into User list by M$. Or not?

@joper30

joper30 commented Oct 28, 2019

Is it possible to read the private key?

@ukoloff
Owner

ukoloff commented Oct 28, 2019

@joper30 It is theoretically possible, but clearly beyond the scope of win-ca. One needs a more powerful tool for this purpose.

@joper30

joper30 commented Oct 28, 2019

> @joper30 It is theoretically possible, but clearly beyond the scope of win-ca. One needs a more powerful tool for this purpose.

Ohh, please, references?

@joper30

joper30 commented Oct 28, 2019

Please, is it possible to sign with a certificate using win-ca?

@ukoloff
Owner

ukoloff commented Oct 29, 2019

I think the easiest way is to use edge and run a C# or PowerShell script to fetch the private key (MSDN provides a lot of examples). Unfortunately, edge seems unsupported, but a fork exists; maybe it works.

@macpraveen

macpraveen commented Jul 21, 2021

Is it possible to use this method to open local machine computer certificates?
https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certopenstore

Thanks

@sebastianfrey

When running win-ca in an environment where the executing user is a System user, win-ca fails to pull the self-signed certificates, since they are available through the System Certificates store and not the User Certificates store. In enterprise environments it is common practice that services are executed as the System user. So indeed it would be nice to have the ability to specify from which store win-ca should read.
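
To check the situation discussed in this thread on a given host, the following PowerShell script (an added example, not part of the thread and not win-ca code) lists the certificates that appear in the Local Machine store but not in the Current User view of the account running it, and writes them to a PEM bundle. The output file name and the default store name `Root` are assumptions chosen for illustration.

```powershell
# Added example (not win-ca code). Run it under the same account as the Node.js process.
param(
    [string] $StoreName = 'Root',
    # Placeholder output path; choose a location only administrators can write to.
    [string] $OutFile   = '.\machine-only-roots.pem'
)

function Get-StoreCert {
    param([ValidateSet('CurrentUser', 'LocalMachine')] [string] $Location)
    # The Cert: drive is supplied by PowerShell's built-in certificate provider.
    Get-ChildItem -Path "Cert:\$Location\$StoreName"
}

function ConvertTo-Pem {
    param([byte[]] $Der)
    # Base64-encode the DER bytes and wrap at 64 characters per line.
    $b64   = [Convert]::ToBase64String($Der)
    $lines = [regex]::Matches($b64, '.{1,64}') | ForEach-Object { $_.Value }
    (@('-----BEGIN CERTIFICATE-----') + $lines + '-----END CERTIFICATE-----') -join "`n"
}

$user    = @(Get-StoreCert -Location CurrentUser)
$machine = @(Get-StoreCert -Location LocalMachine)

"Account: $([Security.Principal.WindowsIdentity]::GetCurrent().Name)"
"CurrentUser\$StoreName : $($user.Count) certificates"
"LocalMachine\$StoreName: $($machine.Count) certificates"

# Index the CurrentUser view by thumbprint, then keep machine certificates missing from it.
$seen = @{}
foreach ($c in $user) { $seen[$c.Thumbprint] = $true }
$machineOnly = @($machine | Where-Object { -not $seen.ContainsKey($_.Thumbprint) })

$machineOnly | Format-Table Thumbprint, NotAfter, Subject -AutoSize

if ($machineOnly.Count -gt 0) {
    # RawData is the DER encoding of the public certificate; no private key is exported.
    $machineOnly | ForEach-Object { ConvertTo-Pem $_.RawData } |
        Set-Content -Path $OutFile -Encoding ascii
    "Wrote $($machineOnly.Count) certificate(s) to $OutFile"
}
```

Review the listed subjects and thumbprints before trusting the bundle; a Node.js process can then load it through the standard `NODE_EXTRA_CA_CERTS` environment variable.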
