If you duplicate a certificate template in the Windows Server 2003 enterprise CA (Certification Authority) and DO NOT select the Allow private key to be exported box, the new template is added to the list of available templates.
If another user then requests a certificate through Web enrollment and selects the new template, they can still select the Mark keys as exportable box, which allows the private keys to be exported.
To work around this behavior, the user who requests a new certificate must select a different template first, and then select the duplicated template. This causes the Mark keys as exportable box to be unavailable.
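One way to check whether certificates already enrolled from the duplicated template ended up with an exportable private key, as an added example that is not part of the original article. It assumes PowerShell 2.0 or later with the Cert: drive, CSP-backed keys, and a hypothetical template name `DuplicatedTemplate`.

```powershell
# Added example: list certificates whose private key was marked exportable.
# 'DuplicatedTemplate' is a hypothetical name; use your template's display name.
param(
    [string]$StorePath    = 'Cert:\CurrentUser\My',
    [string]$TemplateName = 'DuplicatedTemplate'
)

# Certificate Template Information extension, present on version 2 template certs.
$TemplateInfoOid = '1.3.6.1.4.1.311.21.7'

function Get-ExportableKeyReport {
    param([string]$Path, [string]$Template)

    foreach ($cert in Get-ChildItem -Path $Path) {
        if (-not $cert.HasPrivateKey) { continue }

        # Decode the template extension to text. The template name is shown only
        # when the OID resolves (domain-joined machine); otherwise just the OID.
        $templateText = ''
        foreach ($ext in $cert.Extensions) {
            if ($ext.Oid.Value -eq $TemplateInfoOid) { $templateText = $ext.Format($false) }
        }
        if ($Template -and ($templateText -notlike "*$Template*")) { continue }

        # Assumption: CSP-backed key. CNG keys or inaccessible containers are
        # reported as 'unknown' rather than guessed.
        $exportable = 'unknown'
        try {
            $info = $cert.PrivateKey.CspKeyContainerInfo
            if ($info) { $exportable = $info.Exportable }
        } catch { }

        New-Object PSObject -Property @{
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            Template   = $templateText
            Exportable = $exportable
        }
    }
}

# Show every matching certificate whose key is exportable or could not be checked.
Get-ExportableKeyReport -Path $StorePath -Template $TemplateName |
    Where-Object { $_.Exportable -ne $false } |
    Format-Table Subject, Thumbprint, Exportable -AutoSize
```

Run it in the context of the user who enrolled the certificate, since the key container is only readable by its owner.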