SCH wrote:
>
> I have use the "certmgr - s my" and found 3 certs of mine,
> but when I tried to connect a ssl URL which ask for client-cert,
> the pop-up dialog showed no certs for me to choose! where are those "my certs"?
> BTW, all "my certs" are imported from .p12 file.
>
When a server asks for a certificate it sends out a list of CAs it
trusts. If your CA isn't included then IE (and Netscape) wont let you
choose any certificate signed by it. This is on the grounds that there's
no point being able to select a certificate which the server will
immediately reject. If you don't have any certificates signed by a CA
acceptable to the server then you either can a dialog saying you have no
user certificates (Netscape) or the empty dialog box (IE).
So you can only use a certificate for client authentication if the
server is specifically configured to "trust" it. How you do that depends
on the server software.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
