How we can restrict the user to export/import certificate

2012-01-05

Question

_{Thursday, January 5, 2012 5:23 AM}

Hi,

We are in process of setting up Wi Fi with certificate authentication and wanted understand how we can restrict the export/import of certificate from one users end point to other users end point.

Ex: User A is already downloaded certifcate and working fine, how we can restrict him to export the certificate from his end point(laptop/Mobile device/Ipad etc) and share with other user B. Also how we can restrict the User B to use the certificate shared by User A.

Regards Mahesh

All replies (3)

_{Monday, January 9, 2012 8:00 AM ✅Answered}

Hi Mahesh,

Thank you for your post.

As far as I know, no way to restrict export/import of certificate.

I suggest you change to EAP-TLS authentication which use computer certificate instead of user certificate to authenticate.

Here is a similar thread mentioned using deny rule in NPS or non-exportable certificates, hope it helps you.

If there are more inquiries on this issue, please feel free to let us know.

Regards,
Rick Tan
TechNet Subscriber Support
If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.

Rick Tan

TechNet Community Support

_{Friday, January 13, 2012 10:36 PM ✅Answered}

Hi.
If you create new Certficate Templates for your usages you can uncheck "Allow private key to be exporeted". This will make the certificate key unexportable. Atleast if the software honors the restrictions set in the certificate. Well they can export the public part, but that is not really a problem.
Oscar Virot

_{Friday, January 13, 2012 6:34 AM}

Hi Mahesh,

I would like to confirm what is the current situation? If there is anything that I can do for you, please do not hesitate to let me know, and I will be happy to help.