Granting Access To The Private Key For Noc-Client - Colubris Networks CN3000 Administrator's Manual

Chapter 17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Experimenting with NOC authentication - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Chapter 17
1. Open a win32 console session.
2. Go into the directory that rktools.exe was downloaded into.
3. Run the command:
4. Go to the temporary directory.
5. Run the command:
Granting access
Using winhttpcertcfg.exe, you need to grant access to the private key imported from
noc-client.pfx to the application that will send customer login information to the CN3000.
to the private
In this example, access needs to be granted to two accounts
key for noc-
• The VBscript application will be run under the administrator account, so access needs
client
• (This step only applies if you are using IIS.) The account used to run IIS also needs
• Create access by running the command:
winhttpcertcfg -g
for demo" -a Administrator
Microsoft (R) WinHTTP Certificate Configuration Tool
Copyright (C) Microsoft Corporation 2001.
Matching certificate:
E=support@colubris.com
CN=Test-Only Client certificate for demo
OU=Research & Development
O=Colubris Networks Inc.
L=Laval
S=Quebec
C=CA
Granting private key access for account:
To see the list of accounts that have been granted access to the private key:
winhttpcertcfg -l
for demo"
Microsoft (R) WinHTTP Certificate Configuration Tool
Copyright (C) Microsoft Corporation 2001.
Matching certificate:
E=support@colubris.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 406 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
installed on your system. If it is not present, you can download it here:
http://www.microsoft.com/downloads/details.aspx?FamilyID=4b6140f9-2d36-4977-8
fa1-6f8a0f5dca8f&DisplayLang=en#filelist
rktools /C
You will be prompted for a temporary directory name.
Once the extraction process is complete, the following files will be available in the
temporary directory:
rktools.msi
rktools_p.cab
rktools_s.cab
msiexec /a rktools.msi
You will be prompted for a destination directory name.
Once the command will be completed, all the files from the resource kit will be
present in the Program Files\Windows Resource Kits\Tools directory that is created
in the destination directory, including winhttpcertcfg.exe and winhttptracecfg.exe.
to be granted to the administrator.
access to the certificate. This account is IWAM_COMPUTER, where COMPUTER is
replaced by the windows network name assigned to Server 1.
-c LOCAL_MACHINE\My -s "Test-Only client certificate
COMPUTER\Administrator
-c LOCAL_MACHINE\My -s "Test-Only client certificate