[zz]The difference of importing cerficate into Local Computer or Registry physical store

http://www.vandyke.com/products/vshell/docs/windows/Use_X.509_Certificates.htm

 

Installing CA Certificates in the Trusted Roots Store

Users attempting to logon to VShell using X.509 certificates for authentication The process of verifying that an individual truly is who he or she claims to be. Supplying a password is a very common method of authentication. The most secure method of authentication supported in VShell is public-key authentication. See also: identity file, public-private key pair will not be successful if the certificate for the certificate authority (CA) that issued the user's certificate has not been installed in the Trusted Root Certification Authorities store on the machine where VShell is running. If this authentication failure occurs, VShell's will log the following error:

The public key supplied for user johndoe is invalid: A certificate chain processed correctly, but terminated in a root certificate which is not trusted by the trust provider.

Installing the CA certificate in the Trusted Root Certification Authorities store will solve this problem. It is also important that the certificate be installed in the Local Computer store as indicated in the following steps.

Note: The following steps assume that the CA certificate has been downloaded as a *.cer file and that you are running under Window 2000. You must also be logged on as Administrator to complete the following steps.

1.   Right-click the certificate file and select Open from the resulting menu. This will display the Properties dialog for the file.

2.   On the Properties dialog, click on the Install Certificate button to start the Certificate Import wizard.

3.   In the wizard, click on the Next button and then choose the Place all certificates in the following store option.

4.   Click on the Browse button to open the Select Certificate Store dialog.

5.   Check the Show physical stores check box to allow you to expand the listed stores.

6.   Expand the Trusted Root Certification Authorities store and select the Local Computer store below it.

7.   Click on the OK button to save your selection

8.   Click on the Next and Finish buttons to complete installation of the certificate.

You can now verify that the certificate has been installed in the proper store by using Internet Explorer.

1.   Open the Tools menu and select Internet Options... to open the Internet Options dialog.

2.   Select the Content tab and click on the Certificates button.

3.   The Certificates dialog should list the CA certificate under the Trusted Root Certification Authorities tab.

Note: It is important that you install the certificate in the Local Computer store as indicated above. Choosing the Registry store will install the certificate in the root store for the current user (i.e., Administrator), however the certificate may not be present in the Trusted Root Certification Authorities store that VShell opens while running as the System account.