How to Disable Password Checking for Certificates in IE7 when Strong Private Key Protection is Enabled

One of the projects that I’m currently working on requires the use of soft-certificates in order to confirm identity and for doing authorization. Since the application that is being written only needs to have support for Internet Explorer 7, I imported my PKCS #12 certificate through Internet Explorer (Internet Options -> Content -> Certificates -> Personal -> Import).

As I was importing it, there was a page where I needed to provide a password that the CA had given me. On the same page there is an option to “Enable strong private key protection”. It was followed by the sentence “You will be prompted every time the private key is used by an application if you enable this option”. Since I favored security over convenience, I happily selected this option and provided my new password. Just in case I needed to move to another computer, I also marked the key as being exportable.

After time had past on the project, the discussion of automated functional tests with Selenium came up. I thought, thats OK: I remembered that there is an option for IE to remember my password when I’m prompted to give IE permission to use my private key. I selected this option the next time I was prompted by IE for my password. What I found out when stopping and starting a new IE process was that IE ignores the fact that I told it to remember my password. To make matters worse, since I no longer had my password that the CA gave me, I could not re-import the original certificate.

Just when I thought I was out of options, inspiration kicked in and I performed the following steps to make it so that I no longer had to provide my password whenever IE wanted to use my private key:

  1. Go to the Personal Certificate tab (see above)
  2. Select the certificate that you wish to remove the password from
  3. Click “Export”
  4. Click “Next”
  5. Select “Yes, export the private key”
  6. Unselect “Enable strong protection (requires IE 5.0, NT 4.0 SP4 or above)
  7. Select “Include all certificates in the certification path if possible”
  8. You may either select “Delete the private key if the export is successful” or remove the certificate manually after the export
  9. Provide your Password and Confirm your password
  10. Specify a file name (something that you will remember with the PFX extension)
  11. Click “Next”
  12. Click “Finish”
  13. Click “Import”
  14. Click “Next”
  15. Browse for your exported certificate
  16. Click “Next”
  17. Provide your password as before
  18. Mark this key as exportable
  19. Click “Next”
  20. Place all certificates in the following store: Personal
  21. Click “Next”
  22. Click “Finish”

What saved me here was that since I chose to make the certificate exportable when I did the original import, I could perform the preceding steps. If I did not do this and since I forgot the password for my original PFX file, then my only option would have been to contact the CA to issue me another certificate.

Now that this is done, I can start up my automated regression functional test suite and not have to be bothered to provide my password every time IE runs a test.

Advertisements

16 Responses to How to Disable Password Checking for Certificates in IE7 when Strong Private Key Protection is Enabled

  1. Ian Bull says:

    Ok Ross… Time for an update… My rss reader has cob webs on it 😛

    don’t worry i’m not much better 🙂

  2. Tiffany says:

    Thank you so much! I have been trying to get things working for days since we had to renew our cert. You are a life saver and even better a time saver!!

  3. […] filed under Certificates, Selenium, Testing. You can follow any responses to this entry through the RSS 2.0 […]

  4. onokotoko says:

    There is a way to recover the password certificate? I forgot mine and I can’t install it on my netbook…

  5. taser says:

    taser…

    […]How to Disable Password Checking for Certificates in IE7 when Strong Private Key Protection is Enabled « Ross Niemi’s Musings[…]…

  6. facebook fans…

    […]How to Disable Password Checking for Certificates in IE7 when Strong Private Key Protection is Enabled « Ross Niemi’s Musings[…]…

  7. tiny village hack, brick force hack,zynga slingo hack, dc universe online hack, the settlers online hack, army rage hack, soul of guardian hack,kingdom age hack, candy crush saga hack, hunger games hack, teamviewer 7 keygen, deer hutner reloaded hack…

    […]How to Disable Password Checking for Certificates in IE7 when Strong Private Key Protection is Enabled « Ross Niemi’s Musings[…]…

  8. It is perfect time to make some plans for the future and it is
    time to be happy. I’ve read this post and if I could I desire to suggest you few interesting things or tips. Maybe you could write next articles referring to this article. I wish to read more things about it!

  9. I love it when individuals get together and share thoughts.
    Great site, continue the good work!

  10. Thank you for the good writeup. It if truth be told used to be a enjoyment account it.

    Look complicated to more delivered agreeable
    from you! By the way, how could we keep up a correspondence?

  11. Be suure to save your game at different areas, and not in the
    same slot all the time. Doing a little bit oof back
    tracking and searching for ardas you have noot researched to look foor way around
    your present predicament is an acceptable solution – thus is going online and also searching foor game hacks.
    Always error on the side of caution when you are saving, to reduce losing the spot that yyou are
    at.

  12. Viswa says:

    It is really helped me to unblock issue.

  13. Hey there! Your site is running slowly for me personally, this kind of took like a minute or so to
    reload, I dont know if it’s entirely me or maybe your web-site however twitter loaded fine for me.
    Nevertheless, I have to thank you for placing awesome blog post.
    I think this has already been seriously helpful visitor who visit here.

    This is brilliant what you actually have implemented and would like to
    see a lot more cool content from you. I ‘ve got you bookmarked to
    check out new stuff you post.

  14. Sylvester says:

    Hey there Your entire web site loads up literally slow in my situation, I am not sure who’s problem is that but youtube starts really quick.
    Anyways, I am going to thank you so much for putting brilliant blog post.
    I’m sure it has been totally helpful user who seem to visit here.
    I ought to state that you really have done superb work with this and also expect to check out more amazing stuff through you.
    I already have your site saved to bookmarks to see blog you post.

  15. Hey Your main web site loads up literally slow in my
    opinion, I am not sure who’s issue is that on the other hand twitter and facebook opens up really quick.
    Nevertheless, I want to thank you so much for putting brilliant blog
    post. Almost everyone who actually found this web site must have discovered
    this informative article seriously useful. This is terrific everything that
    you have concluded here and would like to check out a lot more content from your
    site. I now have you book-marked to check blog you post.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: