views:

32

answers:

0

ENVIRONMENT:

In an active directory environment we are using ActivClient to copy a digital signing certificate from a smart card to the current user store upon smart card insertion. The smart card certificate is equipped only with digital signature, non-repudiation purposes.

PROBLEM:

After the certificate is copied from the smart card to the current user store. The certificate is enabled for all purposes (verified via MMC). This is allowing the certificate to be displayed for non-valid purposes.

QUESTION:

Does Windows/Active Directory add purposes to certificates upon importing?