At least not on Windows. Sometimes. It depends. It took us a while to find the reason why the private key in a Microsoft certificate store couldn't be accessed by a Cisco VPN Client when it required it for a connection. The log on the VPN client says the private key cannot be accessed, but when accessing the MS certificate store with the MMC console on XP, the certificate looks OK, and the existence of a private key is confirmed. Removing the key pair and re-importing works, of course. It turns out that this only happens when a user changes her NT4-domain password, after which access to the private key is lost. We determined that changing the password back to the old value restores access to the private key. It is a documented feature, and I just love this bit:

To regain access to the certificate functionality on an individual workstation after a password change, change the password back to the password that was used when the files were last encrypted.

Yeah. Right. I suppose the behavior differs in Vista; access to the private key is lost when you change the colour of the desktop. Just kidding. I hope. ;-)

