Company Certificate

Encrypted folders containing a company certificate can be mounted by any user who has access to the corresponding private key in the Windows certificate store. When the user mounts an encrypted folder, DriveLock first checks whether the folder can be decrypted using the company certificate. If so, the folder is mounted without any further user interaction. Otherwise, the user is asked for their credentials.

The company certificate is not used for centrally managed folders.

DriveLock does not create company certificates but allows you to import the public key of any certificate (*.cer) you own. You have to store the private key (*.pfx) yourself in the Windows certificate store (user or computer account).

Technically, a company certificate is very similar to a recovery certificate and is configured in the same way.

Follow these steps to create a company certificate:

  • To add a new company certificate in a policy, open Encryption / File Protection / Encrypted folder recovery / New / Company certificate... On the General tab, add a description and import the certificate.

  • Check Enabled to use the certificate when creating / updating encrypted folders.

  • In the Options tab, select how to use the certificate.

For evaluation purposes, you may use, for example, a DriveLock Recovery certificate as a company certificate.

Import the DLFfeRecovery.cer to the policy and the DLFfeRecovery.pfx to the Windows certificate store.

Update a Company Certificate

DriveLock does not take the expiration date of a company certificate into account: you can still access and create encrypted folders after the certificate has expired. Nevertheless, you may add new company certificates to your policy at any time and remove expired certificates from it.

If you delete a company certificate from the Windows certificate store, you will no longer be able to connect the encrypted folder with this key. If this was the only key for a folder, a new company certificate can no longer be added to that folder.
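
Because the private key has to be placed in the user or computer certificate store by hand, and removing it can lock a folder out, it is worth checking where the key is present before relying on or deleting a company certificate. The following PowerShell check is an added example, not part of DriveLock; the function name Find-CompanyCertKey and the default file path are hypothetical.

```powershell
# Added example: locate the private key that belongs to a company certificate
# (.cer) in the Windows certificate stores of the current user and the computer.
# The default path is a placeholder; point it at the .cer imported into the policy.
param(
    [string]$CerPath = '.\DLFfeRecovery.cer'
)

function Find-CompanyCertKey {
    param([Parameter(Mandatory)][string]$Path)

    # Load the public certificate; its thumbprint identifies the key pair.
    $resolved = (Resolve-Path -LiteralPath $Path).ProviderPath
    $public = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $resolved

    # Search every store of both accounts, since the page only says
    # "user or computer account" and names no specific store.
    foreach ($root in 'Cert:\CurrentUser', 'Cert:\LocalMachine') {
        Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue |
            Where-Object {
                $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
                $_.Thumbprint -eq $public.Thumbprint
            } |
            ForEach-Object {
                [pscustomobject]@{
                    Store         = ($_.PSParentPath -split '::')[-1]
                    Subject       = $_.Subject
                    # True means a private key is associated with this entry.
                    # It does not prove the current account may read that key.
                    HasPrivateKey = $_.HasPrivateKey
                    NotAfter      = $_.NotAfter
                    # Reported for information only; DriveLock ignores expiry.
                    Expired       = ($_.NotAfter -lt (Get-Date))
                }
            }
    }
}

$found = @(Find-CompanyCertKey -Path $CerPath)
if (-not ($found | Where-Object HasPrivateKey)) {
    Write-Warning "No store entry with a private key matches $CerPath."
}
$found | Format-Table -AutoSize
```

Run it in the user context that mounts the folders. An entry with HasPrivateKey set to False holds only the public certificate and cannot decrypt anything.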