

Recover Deleted user certificate

Question

Tuesday, February 15, 2011 7:05 AM

Hi,

I have a two-tier PKI infrastructure in my organization. The Root CA is offline. The Subordinate CA is online and working fine.

I have created a User Certificate Template and issued it to all users.

One of my users accidentally deleted their certificate from Internet Explorer. I have checked that the certificate is still visible on the Subordinate CA.

I want to recover that same deleted user certificate on the client machine. I don't want to issue a new certificate to the user.

Is it possible? If yes, then how?

All replies (3)

Tuesday, February 15, 2011 7:13 AM ✅Answered | 1 vote

<posted from similar thread> 

It is likely that the private key is still on the workstation. If you get the certificate request ID from the CA, then you can re-install it by grabbing it from the CA database.

1. On the CA, find the certificate in the Issued Certificates and get its request ID.

2. On the client, use certreq to retrieve the certificate again and save it to a file: `certreq -config "<CA machine name>\<CA name>" -retrieve <requestID> <file.cer>`

3. On the client, open the new certificate file and copy the serial number.

4. While the certificate is open, click "Install certificate...". Tell it to install in the Personal store.

5. On the client, use certutil to repair the certificate with its private key: `certutil -user -repairstore MY "<serial number>"`

http://en-us.sysadmins.lv
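The five steps above as one PowerShell script, with a final check that the private key was actually re-linked. This is an added example, not code from the answer or from sysadmins.lv; the CA config string, request ID and output path are placeholders you supply, and it assumes it is run as the affected user on the workstation that held the key.

```powershell
# Added example: recover a deleted user certificate and re-bind its private key.
# Assumes: run as the affected user on the original workstation; $CAConfig and
# $RequestId are placeholders taken from the CA's Issued Certificates view.
param(
    [Parameter(Mandatory)] [string] $CAConfig,   # e.g. "CA-SERVER\Contoso Issuing CA"
    [Parameter(Mandatory)] [int]    $RequestId,  # request ID of the issued certificate
    [string] $CerPath = "$env:TEMP\recovered-$RequestId.cer"
)

# Step 2: pull the issued certificate back out of the CA database.
& certreq.exe -config $CAConfig -retrieve $RequestId $CerPath
if ($LASTEXITCODE -ne 0) { throw "certreq -retrieve failed (exit $LASTEXITCODE)" }

# Step 3: read the serial number from the downloaded .cer file.
$cert   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CerPath
$serial = $cert.SerialNumber

# Step 4: install the certificate into the user's Personal (My) store.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store 'My', 'CurrentUser'
$store.Open('ReadWrite')
$store.Add($cert)
$store.Close()

# Step 5: let certutil find the matching private key in the user's key store
# and re-link it to the freshly installed certificate.
& certutil.exe -user -repairstore MY $serial
if ($LASTEXITCODE -ne 0) { throw "certutil -repairstore failed (exit $LASTEXITCODE)" }

# Check: if HasPrivateKey is still false, the key is not on this machine and
# only a new enrollment will help.
$installed = Get-ChildItem "Cert:\CurrentUser\My\$($cert.Thumbprint)"
if (-not $installed.HasPrivateKey) {
    Write-Warning "Certificate installed, but no private key was found for serial $serial."
} else {
    Write-Host "Recovered $($cert.Subject) (serial $serial) together with its private key."
}
```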


Tuesday, February 15, 2011 8:29 AM ✅Answered

> Is there any way to restrict users from deleting their personal certificates?

No, there is no way to restrict them.

P.S. Not sure if this is already blogged, but you can check this link for more details:

The case of accidentally deleted user certificates

http://en-us.sysadmins.lv


Tuesday, February 15, 2011 8:22 AM

Thanks Martin,

I will check this and then I will let you know.

Is there any way to restrict users from deleting their personal certificates?

I have given Read, Enroll and Autoenroll permissions to all users on the Certificate Template we are using.