In vWorkspace, as in many other products, certificates are used to help increase security. Cerficates and PKI aren’t the easiest of subjects but this article might help you out.
Here are several pitfalls that can make your life miserable when working with certificates and what tools are available by Microsoft.
Instead of organizing private keys and certificate in files, Windows uses certificate stores to save certificates. There is a machine-wide store as well as a personal store for each user and service account. When working with certificates, Windows provides a cumulative view of the system-wide store and the personal store so that sytem-wide certificates can be maintained in a single place by Microsoft via Windows Update while personal certificates are stored separately from other users.
Each store is divided into logical storage categories to separate certificates of different types. The most common logical storage categories are the following:
- Personal – This is where certificates with private keys are stored by default. Learn more about them (LINK) as well as how to request them (LINK).
- Trusted Root Certificate Authorities – When importing a root CA certificate into this logical storage category, Windows asks you to confirm your trust in this certificate. Learn more about CAs (LINK).
- Intermediate Certificate Authorities
Certificate stores can be accessed using the MMC snapin called „Certficates“ or by launching „CertMgr.msc“. The latter only displays the certificate store for the currently logged on user where as the MMC snapin allows for alls stores to be browsed and modified.