Certs from Windows certificate store?


trj__

Posts: 4
Joined: Fri Apr 28, 2017 7:25 am

Post by trj__ » Fri Apr 28, 2017 8:04 am
Does Viscosity support using certs from the local Windows certificate store?

I saw this topic from 2013, but I was wondering if anything has changed?

Also, to somewhat continue the discussion from that thread, I'd like to point out that there are two certificate stores on Windows. A user certificate store and a computer certificate store. We deploy computer certificates to each computer for things like 802.1x auth. It'd be nice to use this cert in Viscosity for OpenVPN.

If you're not familiar (it looks like you guys use Macs primarily?), you can access the computer store by launching certlm.msc from the Start menu.

Additionally, the certificate and its private key can be exported by the "SYSTEM" user. As proof-of-concept, I created a scheduled task to run this PowerShell script as SYSTEM:
Code:
$mypwd = ConvertTo-SecureString -String "1234" -Force -AsPlainText
Get-ChildItem -Path cert:\LocalMachine\My\A56EA518E4020FF65959E79A9D096DC99F976449 | Export-PfxCertificate -FilePath C:\mypfx.pfx -Password $mypwd
That created a PKCS#12 bundle containing the cert and private key. I used Task Scheduler because it's the only way I know of to force something to run as SYSTEM.

Eric

Posts: 1146
Joined: Sun Jan 03, 2010 3:27 am

Post by Eric » Fri Apr 28, 2017 11:50 am
Hi trj,

While that post is quite old, I'm afraid cryptocertapi through OpenVPN is still the only way to access certificates from the Windows certificate store and only the local machine's store can be used due to OpenVPN not being run as a user.

http://sparklabs.com/support/kb/article ... ptoapicert

We are planning on adding direct compatibility between Viscosity and Windows crypto stores in a future release.

Regards,
Eric
Eric Thorpe
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs
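
An added example, not part of the original posts and not Spark Labs' code: a PowerShell sketch that lists certificates in the computer store (Cert:\LocalMachine\My) usable for client authentication and prints an OpenVPN cryptoapicert directive for each, so the private key is referenced in place instead of being exported to a PFX file. The function name Test-ClientAuthCert and the selection criteria (private key present, currently valid, client-auth EKU or no EKU) are assumptions made for illustration.

```powershell
# Added example (hypothetical helper, not from the thread).
# Emits OpenVPN "cryptoapicert" lines for suitable computer-store certificates.

function Test-ClientAuthCert {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert
    )
    $clientAuthOid = '1.3.6.1.5.5.7.3.2'   # EKU: TLS Web Client Authentication
    $now = Get-Date

    # OpenVPN needs the private key to be present in the store.
    if (-not $Cert.HasPrivateKey) { return $false }

    # Skip certificates that are not yet valid or already expired.
    if ($Cert.NotBefore -gt $now -or $Cert.NotAfter -le $now) { return $false }

    # A certificate without an EKU extension is not restricted to any purpose.
    $eku = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    if (-not $eku) { return $true }

    $oids = $eku.EnhancedKeyUsages | ForEach-Object { $_.Value }
    return $oids -contains $clientAuthOid
}

Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { Test-ClientAuthCert -Cert $_ } |
    ForEach-Object {
        # OpenVPN's documentation shows the thumbprint as space-separated hex bytes.
        $thumb = ($_.Thumbprint -replace '(..)(?!$)', '$1 ').ToLower()

        # Lines starting with '#' are comments in an OpenVPN configuration file.
        '# {0} (expires {1:yyyy-MM-dd})' -f $_.Subject, $_.NotAfter
        'cryptoapicert "THUMB:{0}"' -f $thumb
    }
```

The printed cryptoapicert line takes the place of the cert and key entries in the connection's OpenVPN configuration.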

trj__

Posts: 4
Joined: Fri Apr 28, 2017 7:25 am

Post by trj__ » Tue May 02, 2017 8:19 am
Wonderful - that is probably better than trying to extract the cert from the store. Many thanks!