Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Subject: RE: IIS 5
From: Wall, Kevin (Kevin.Wallqwest.com)
Date: Thu Aug 24 2000 - 09:40:31 CDT
- Next message: Bill Frantz: "Random numbers for OAEP"
- Previous message: Kick Willemse: "IIS 5"
- Maybe in reply to: Kick Willemse: "IIS 5"
- Maybe reply: Wall, Kevin: "RE: IIS 5"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Kick Willemse wrote...
>Looking at using SSL in IIS 5 I didn't find any option
>to secure my private key with a password. Do I miss
> something or does M$??
I've been told by a former US West security principal (but
have not verified for myself), that MS Windoze NT encrypts
the private key for CLIENT-SIDE certificates using one's
NT password and this encrypted private key is stored
somewhere in the NT registry.
Perhaps the same is true of private keys for SERVER-SIDE
certs for IIS. At least one would *hope* that something
like this is the case and it's not being stored in
cleartext, but with M$, one never knows.