Creating certificates via the DES

You only need user certificate management via the DES if you are not using your own certificate management via a CA.

The integrated certificate management in DriveLock File Protection helps you to manage users and their associated certificates without an existing public key infrastructure (PKI). It is not required if

  • You already have a Microsoft Active Directory environment and you are administering user certificates using this infrastructure
  • You are already using a PKI that is compatible with Microsoft Windows
  • You want to use passwords exclusively for encryption authentication. (Note that these passwords are different from Windows passwords.)

DriveLock File Protection already integrates all the functions required for simple, fast and clear management of users and their certificates, so you do not have to set up your own PKI. Users can apply for their own certificates, and these applications can be automatically approved and the certificates stored in the user’s certificate store. When a user requests a certificate, DriveLock automatically creates a corresponding user account. As an administrator, you can approve, revoke or delete certificates.

The DriveLock PKI does not store or manage the private key of a user's certificate. Users should export the certificate including the private key (PFX file) from the Windows certificate store using the DriveLock Application and keep it in a safe place. They have to import it again into the Windows certificate store to access their encrypted folder from a different computer.