Thank you for sharing your knowledge Slav :)
Eric,
There's just one more thing: the non-exportable certificates can in fact be exported, because the OS mechanisms that prevent the export aren't a security
boundary (unless the cert is in specialised hardware storage like HSM or smart card)
http://www.isecpartners.com/jailbreak.html
s.
Eric wrote:Thank you for sharing your knowledge Slav :)
ce containing the PFX file to install the key to the servers that need it >>> (making sure not to mark the private keys as exportable when importing >>> onto the server), and finally storing the device in a locked safe, where >>> it remains
Thanks Alun for those nice advices ! =))
--
Eric
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 307 |
Nodes: | 16 (2 / 14) |
Uptime: | 109:15:09 |
Calls: | 6,852 |
Calls today: | 3 |
Files: | 12,355 |
Messages: | 5,416,164 |