Michael Heuss wrote:
>
> Hi,
> Here at our company, we are using Netscape to handle our company's
> E-Mail and our own CA as our means of authentication. However, we now
> need to support Internet Explorer 5 as well. I'm running into a problem
> signing user's requests for Certificates for IE because it sends the
> email address as a "UNIVERSALSTRING" instead of a "IA5STRING". How can
> I get around this?
>
The certificate request handling is done on MSIE by an ActiveX control
called either certenr3 or Xenroll. The older certenr3 is obsolete and
suffered from the problem you describe and various other problems
including giving the user virtually no private key security.
If you use Xenroll then this shouldn't happen any more.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
