How to configure private key settings for Internet Explorer on Microsoft Vista
Originally Published: 2007-08-01
Article Number
Applies To
Microsoft Windows Vista
Microsoft Internet Explorer
Issue
Resolution
Here are the steps for protecting Private Key from enrollment page:
End-Entity Enrollment:
==============
1. Go to the file <INSTALL-DIR>/WebServer/enroll-server/request-msie.xuda and uncomment the following lines by removing <!-- and --> . When you uncomment the following lines you will get the listbox to Protect Private Key from enrollment page.
<!--
<TR>
<TD BGCOLOR="#D0D0D0" ALIGN="right">Protect private key <FONT SIZE="-2">(2)</FONT>:</TD>
<TD BGCOLOR="#E0E0E0"><SELECT NAME="USERPROTECT"><OPTION VALUE="1">Yes</OPTION><OPTION VALUE="0" SELECTED>No</OPTION></SELECT></TD>
</TR>
-->
<!--
<P><FONT SIZE="-2">Note (2): If this option is checked, the private key will be additionally protected. The precise behavior of this additional protection depends on the Cryptographic service provider you've chosen.</FONT></P>
-->
2. Now go to file <INSTALL-DIR>/WebServer/enroll-server/icontrol.vbs and uncomment the following lines by removing Rem.
2a) For Enrollment from Internet Explorer on Microsoft Windows Vista:
' Added for private key export and protection
Rem Err.clear
Rem Set presence = document.ReqForm.USERPROTECT
Rem If Err.Number = 0 Then
Rem If presence.value = 1 Then
Rem objPrivateKey.KeyProtection = 1
Rem Else
If productTag = "OneStep" Then
objPrivateKey.ExportPolicy = 1
Else
objPrivateKey.ExportPolicy = 1
i = document.all.RequestKeySize.options.selectedIndex
objPrivateKey.Length = document.all.RequestKeySize.options(i).value
End If
Rem End If
Rem End If
2b) For Enrollment from Internet Explorer on non Microsoft Windows Vista:
Rem Err.Clear
Rem Set presence = document.ReqForm.USERPROTECT
Rem If Err.Number = 0 Then
Rem If presence.value = 1 Then
Rem IControl.GenKeyFlags = 2
Rem Else
If productTag = "OneStep" Then
IControl.GenKeyFlags = 1
Else
i = document.all.RequestKeySize.options.selectedIndex
If document.all.RequestKeySize.options(i).value = 1024 Then
IControl.GenKeyFlags = &H4000000 + 1
Else
IControl.GenKeyFlags = &H8000000 + 1
End If
End If
Rem End If
Rem End If
These are all the lines of code which need to be uncommented so that the Protect Private Key option will be visible for End-Entity enrollment.
One-Step Enrollment:
==============
Go to file <INSTALL-DIR>/WebServer/OneStep/htmldocs/icontrol.vbs and uncomment the following lines by removing Rem.
1. For Enrollment from Internet Explorer on Microsoft Windows Vista:
' Added for private key export and protection
Rem Err.clear
Rem Set presence = document.ReqForm.USERPROTECT
Rem If Err.Number = 0 Then
Rem If presence.value = 1 Then
Rem objPrivateKey.KeyProtection = 1
Rem Else
If productTag = "OneStep" Then
objPrivateKey.ExportPolicy = 1
Else
objPrivateKey.ExportPolicy = 1
i = document.all.RequestKeySize.options.selectedIndex
objPrivateKey.Length = document.all.RequestKeySize.options(i).value
End If
Rem End If
Rem End If
2. For Enrollment from Internet Explorer on non Microsoft Windows Vista:
Rem Err.Clear
Rem Set presence = document.ReqForm.USERPROTECT
Rem If Err.Number = 0 Then
Rem If presence.value = 1 Then
Rem IControl.GenKeyFlags = 2
Rem Else
If productTag = "OneStep" Then
IControl.GenKeyFlags = 1
Else
i = document.all.RequestKeySize.options.selectedIndex
If document.all.RequestKeySize.options(i).value = 1024 Then
IControl.GenKeyFlags = &H4000000 + 1
Else
IControl.GenKeyFlags = &H8000000 + 1
End If
End If
Rem End If
Rem End If
These are all the lines of code which need to be uncommented for protecting Private Key in One-Step enrollment.
Notes
For exportable and prompt for high level security for all juridictions, change the code in icontrol.vbs as IControl.GenKeyFlags = &H4000000 + 3
CERTMGR-3722
CERTMGR-3800
Related Articles
How to use RSA Mobile Administration API 9Number of Views How to run the RegisterUserExample Admin API example code in RSA Mobile Authentication Server 1.5 4Number of Views How to search for users with RSA Mobile administration GUI 1Number of Views Browser locale problems for administration 47Number of Views How to manual deploy Federated Identity Manager (FIM) 2.5 / 2.6 10Number of Views
Trending Articles
RSA Authentication Manager 8.9 Setup and Configuration Guide How to 'Trust' the RSA Authentication Manager Security Console Self-Signed Root CA certificate and prevent Cert warnings. RSA Authentication Manager 8.9 Release Notes (January 2026) Configure RSA Authentication Manager as a Secure Proxy Server for Cloud Access Service RSA Authentication Manager Upgrade Process
Don't see what you're looking for?