RE: MSIE 5 Personal Cert Import Problem

Thu, 22 Jul 1999 08:43:35 -0700 

This helps.  Thanks.  Since the browser created the public/private key pair,
it would have put the public key in the Certificate Request, correct?  

How do I associate the private key for this request with the cert (and where
is the private key stored)?  

Here is the VB code I use (not original) in my html form to generate the
keys/request.  

if (( $ENV{'HTTP_USER_AGENT'} =~ /MSIE 4/ ) || ( $ENV{'HTTP_USER_AGENT'} =~
/MSIE 5/ )) {

$html .=  <<EOF ;
<OBJECT CLASSID="clsid:43F8F289-7A20-11D0-8F06-00C04FC295E1"
        CODEBASE="http://webserver.mysite.com/xenroll.dll"
        ID=Enroll>
</OBJECT>  

<SCRIPT LANGUAGE="VBScript">

Sub Submit_OnClick

  Dim TheForm
  Set TheForm = document.CertReqForm

  szName = "C=TheForm.CountryName.value; S=TheForm.StateName.value;
L=TheForm.CityName.value; O=TheForm.CompanyName.value; OU=" & _
           TheForm.OrganizationalUnit.value & "; CN="     & _
           TheForm.CommonName.value                       & _
           "; 1.2.840.113549.1.9.1="                      & _
           TheForm.EmailAddress.value

  Enroll.KeySpec = 1
  Enroll.GenKeyFlags = 3
  sz10 = Enroll.CreatePKCS10(szName,"1.3.6.1.5.5.7.3.2")

  if (sz10 = Empty OR theError <> 0) Then
    sz = "The error '" & Hex(theError) & "' occurred."    & _
         chr(13) & chr(10)                                & _
         "Your credentials could not be generated."
    result = MsgBox(sz, 0, "Credentials Enrollment")

    Exit Sub
  else
    TheForm.ms_req.value = sz10
    TheForm.submit()
  end if

End Sub

</SCRIPT>

-----Original Message-----
From: Alan Ramsbottom [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 22, 1999 2:41 AM
To: '[EMAIL PROTECTED]'
Subject: RE: MSIE 5 Personal Cert Import Problem


> I don't understand.  It's shows up just fine in the "Other 
> People" section. Why would it be different for "Personal"?

If you have the private key for a client cert, then IE assumes the cert is
yours and puts it in the "Personal" store. If you don't have the private key
then IE assumes the cert is someone else's and puts it in the other "Other
People" store. 

Your .cer file does not contain your private key and IE apparently can't
find the appropriate one anywhere else. 

I've only ever used OpenSSL for making cert requests, but it might be an
idea to focus on where the private key went when you made your request via
IE (or why it can't be matched to your certificate).

-Alan-
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to