> From: Pierre De Boeck <[EMAIL PROTECTED]>
> I have been trying for two days to insert my own root CA
> into the trusted CA store of IIS. I use, as advised
> by MS, the procedure described in SP4 involving the
> CertMgr wizard but with no success...
> By comparing the IIS list of trusted CA and the one
> corresponding to the local_machine "Root" system store,
> I see that they are the same except that my CA appears only
> in the second list and not in the IIS's.
>
> Does anyone have an idea of something wrong with my CA? The only thing
> that is unique to it is the use of the Netscape <NetscapeCertType>
> extension. Does IIS not support it?

IIS has no problem with the nsCertType extension.

Run RegEdit.exe and look for:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\CertificationAuthorities\<<Pierre's CA>>

If you can't see your CA here, search for it in your registry and export the
branch that contains it. Edit the file, change the 'entry name' to the
previous name, HKLM\SYSTEM\ControlSet001\...
and save the file.

i.e.
/----------------------------------------------------------------------
REGEDIT4
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001
\Control\SecurityProviders\SCHANNEL\CertificationAuthorities\CNV CA,
Email=cnvca@.mecon.ar]
"CACert"=hex:30,82,04,04,30,82,02,ec,02,01,00,30,0d,06,09,2a,f7,01,\
{.........}
d6,9e,4c,5d,5c,12,79,3f,95,3d
"Enabled"=dword:00000001
"Type"=dword:00000001
/---------------------------------------------------------------------
Double-click the file to enter the information into the
registry branch enabled for IIS4.

Shut down and restart the server.

Regards,
Miguel
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
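
An added example, not part of the original post or of any Microsoft tooling: a Python check of the edited .reg file before it is imported, assuming a working entry looks like the one shown in the reply (a direct child of the CertificationAuthorities key, a complete DER certificate in CACert, Enabled set to 1). The function names and the sample entry are constructed for illustration.

```python
import re

# Branch the reply above points at (IIS 4 reads its trusted CAs from here).
BRANCH = r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\CertificationAuthorities"

def parse_reg4(text):
    """Parse a REGEDIT4 export into {key_path: {value_name: raw_value}}."""
    # A trailing backslash continues a hex value on the next line; join those first.
    lines = [l.strip() for l in re.sub(r"\\[ \t]*\r?\n[ \t]*", "", text).splitlines()]
    if not lines or lines[0] != "REGEDIT4":
        raise ValueError("not a REGEDIT4 export")
    keys, current = {}, None
    for line in lines[1:]:
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := re.match(r'"([^"]+)"=(.*)$', line)):
            current[m.group(1)] = m.group(2)
    return keys

def der_length_ok(der):
    """True if der is one DER SEQUENCE whose declared length covers every byte."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    n = der[1] & 0x7F if der[1] & 0x80 else 0   # long form: n length bytes follow
    if der[1] & 0x80 and not 1 <= n <= 4:
        return False
    length = int.from_bytes(der[2:2 + n], "big") if n else der[1]
    return 2 + n + length == len(der)

def check_ca_entries(text):
    """Return {key_path: [problems]}; an empty list means no problem was found."""
    report = {}
    for key, values in parse_reg4(text).items():
        raw = values.get("CACert", "")
        hex_ok = re.fullmatch(r"hex:[0-9a-f]{2}(,[0-9a-f]{2})*", raw, re.I)
        der = bytes.fromhex(raw[4:].replace(",", "")) if hex_ok else b""
        checks = {
            "key not under CertificationAuthorities": key.rpartition("\\")[0].upper() != BRANCH.upper(),
            "CACert is not a complete DER SEQUENCE": not der_length_ok(der),
            "Enabled is not dword:00000001": values.get("Enabled") != "dword:00000001",
        }
        report[key] = [msg for msg, failed in checks.items() if failed]
    return report

# Constructed sample (a 5-byte DER SEQUENCE stands in for a real CA certificate).
SAMPLE = r"""REGEDIT4
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\CertificationAuthorities\Example Test CA]
"CACert"=hex:30,03,02,\
  01,00
"Enabled"=dword:00000001"""
```

A truncated hex dump or a key header left pointing at the branch it was exported from shows up as a non-empty problem list for that key.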