Private Key Passphrase when importing .p12-File into Windows 10


#1

Hi all,

The Import-Manager of Windows 10 asks for a passphrase for the private key after downloading an enrolled certificate-token.
I just created a local test-CA; enrolled a certificate for a user and downloaded the pkcs12-File.
Does privacyIDEA encrypt the private key with a certain passphrase by default?

Kind regards

Axel Czuck


#2

Hi Axel,
Set a PIN and use the PIN.
https://privacyidea.readthedocs.io/en/latest/modules/lib/tokentypes/certificate.html

Kind regards
Cornelius
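
An added example, not part of the reply above and not privacyIDEA code: a shell check with the openssl CLI that tells whether a downloaded PKCS#12 file opens with an empty passphrase, with the token PIN, or with neither, before it is handed to the Windows import dialog. It assumes the PIN is used as the PKCS#12 passphrase, as the reply says; the file names, PINs and the self-signed sample certificate are constructed.

```shell
#!/bin/sh
# Added example: classify how a PKCS#12 file is protected.
# Requires the openssl CLI. All names and PINs here are constructed samples.

# Return 0 if the file's integrity check (MAC) verifies with passphrase $2.
# The passphrase is passed through the environment, not argv, so it does
# not show up in the process list.
p12_opens_with() {
    P12_PASS="$2" openssl pkcs12 -in "$1" -noout -passin env:P12_PASS \
        >/dev/null 2>&1
}

# Print "empty" if no passphrase is needed, "pin" if candidate PIN $2 opens
# the file, "other" if neither works (wrong PIN or a different passphrase).
p12_protection() {
    if p12_opens_with "$1" ""; then
        echo "empty"
    elif p12_opens_with "$1" "$2"; then
        echo "pin"
    else
        echo "other"
    fi
}

# Build a constructed sample in directory $1: a self-signed certificate
# exported as user.p12 and protected with passphrase $2.
make_sample_p12() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-test-user" \
        -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1 || return 1
    P12_PASS="$2" openssl pkcs12 -export -inkey "$1/key.pem" \
        -in "$1/cert.pem" -out "$1/user.p12" -passout env:P12_PASS \
        >/dev/null 2>&1
}

# Demo on the constructed sample; prints "pin".
demo() {
    d=$(mktemp -d) || return 1
    make_sample_p12 "$d" "1234" && p12_protection "$d/user.p12" "1234"
    rc=$?
    rm -rf "$d"
    return $rc
}
demo
```

A result of "empty" means the private key in the file is not protected by any passphrase and the file should be handled accordingly.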


#3

Hi Cornelius,

You were 30 minutes faster than me.
Found out that a pkcs12-installation does not like the “otp_pin_random”-Policy that much.
We generally did not want the user to have the pin-option at all.
In the end we will enable this possibility for the user…

Thanks for your reply

Kind regards
Axel


#4

Hi Cornelius,

when I allow the user to enroll TOTP and Certificates, he can only set the PIN for TOTP in the WebUI (The Pin-Fields in the Certificate-View are missing).
When I allow him only to enroll Certificates, he is able to set a PIN for these certificates?
Why does privacyIDEA behave like this?

Kind regards

Axel


#5

Hi Axel,

Could be some broken logic in the WebUI.
You could open an issue at GitHub, including your policies.

Kind regards
Cornelius