Thinkpads Forum

I just purchased a T60p. I have several X509 digital certificates I commit to the Security Chip. You do this by importing them via IE, the using the Trasfer Wizard to move the private keys into the chip.

On my previous T43p, this all worked fine, using a 6.00 versioned CSS.

With 6.01 I cannot get the wizard to see the certificates once imported. I have tried even looking at the certificates using mmc certificate snap-in to, as the manual says, make sure they are not marked for file encryption use.

So, has ANYONE had success with getting a certificate into the security chip on a T60 with CSS 6.01?

Also, did the security chip or driver change in this release?

I actually use Client Security 5.4x (which I still think is better), but there are actually 3 requirements for exporting certificates to the ESS (embeded security subsystem):

1) Certificate must not be marked for EFS use
2) Keysize of certificate must be 1024 or less
3) Private key must be marked as exportable

The first of which you already mentioned, so you might want to check the other two.

Hope this helps.

- Sam

Thanks for the suggestions.

I used the mmc with certificate snap-in to ensure that the cert was only set for email/client authentication use.

One of the two certs was previously installed on my T43 under CSS 6.0 so its not a key limit issue.

I specifically checked off the exportable button on the transfer wizard.

I am thinking this is a bug in the latest version of CSS 6.01.0037. My T43 was running 6.00.

Sadly, Lenovo in Canada says "the software is provided for free and we don't support it - we only support the hardware". I am trying to push past the Customer Service Droid but its hard.