Use Cryptoapicert with user store

Got a problem with Viscosity or need help? Ask here!

yunai39

Posts: 1
Joined: Tue Apr 01, 2014 7:06 pm

Post by yunai39 » Tue Apr 01, 2014 7:10 pm
Good Morning,

We use cryptoapicert for our VPN client, the certificate is loaded in the computer store so far.

I was wondering if there was any possibility (now or in the future) to use the certificate from the user store instead of the computer store ?

Any information would be appriceated, because when our client need to update the certificate they need to have admin right to do it and that is a problem.


Thank you

Eric

User avatar
Posts: 1146
Joined: Sun Jan 03, 2010 3:27 am

Post by Eric » Wed Apr 02, 2014 2:35 am
Hi yunai39,

Direct support from the Windows Certificate Store in Viscosity is something on our future features list, I'm afraid it isn't something that will be included in the immediate future though.

In the mean time, the main issue is OpenVPN needs to be run with Administrative permissions, and the user that has access to their certificate store generally doesn't have Admin rights. If they do, or if you can create an Admin user that has access to another users Certificate Store, you can change the user that runs Viscosity Service (changing who launches OpenVPN) and then you should be able to adjust your cryptoapicert select to point to the certificate now under the control of your standard user. I'm afraid though we haven't tested this scenario so I can't guarantee it will work. To change the user running Viscosity Service:

Go to start, type in services and run the Services.msc snap-in.
Locate Viscosity Service, right click it and go to Properties
Click Stop, then go to the Log On tab
Change the dialog to "This account" and enter the login information for a Local Administrator account. A Domain Admin account may work, but you will need to experiment with this as it will differ depending on your AD setup.
Click Apply, go back to the General tab and start the service

We'd be very interested to hear any feedback if this works for you.

Regards,

Eric
Eric Thorpe
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs
2 posts Page 1 of 1