----- Original Message -----
From: "Greg Stark" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, February 20, 2001 8:34 PM
Subject: Re: Xenroll and OpenSSL
> Sandipan ,
>
> I do not know in what sense ActiveX is disabled in IE5.5. Perhaps for
> unsigned downloaded controls?
On IE, If we look at Tools | Internet Options | Security Tab | Zones,
There are 4 zones:
Internet - ActiveX disabled by default
Intranet - ActiveX disabled by default
Trusted sites - ActiveX enabled by default
Restricted sites - ActiveX disabled by default
This has been carried out by MSIE on account of the many ActiveX based
viruses in 2000.
(This modification in default settings was also distributed in IE5.01 and
lower security updates last year)
This effect carries over to Outlook Express as well, BTW.
Xenroll.dll is on the harddisk, and I dont know how IE5.5 will deal with
that.
I tried the sample page at
http://www.informatik.fh-hamburg.de/pub/nt-service/sp6a-en.ext/ceenroll.asp
and my IE said this page contains ActiveX and did not allow it to be
invoked.
If you have IE5.5, and have the same settings as above, do you get an
activeX warning ?
I assumed it invokes Xenroll on windows\system\xenroll.dll (ie, local
storage).
In any event, Xenroll.dll houses the
> Certificate Enrollment Control. It is documented in the Platform SDK, the
> MSDN library, and the MSDN Online library. Look under PlatformSDK ->
> Security -> Certificate Services and Components -> Certificate Enrollment
> Control. If you want to run it from IE, pay particular attention to the
> VBscript examples.
Thanks a lot. I was simply unable to find this through MS Search engine.
I shall use these pages to come up the curve on Xenroll now.
>
> You can find the online documentation at
> http://msdn.microsoft.com/library/psdk/certsrv/crtsvnode_intro_8f3n.htm
> I can also provide you with a few examples.
>
> When you ask how can Xenroll work with OpenSSL, do you want use Xenroll to
> generate the certificate requests and use openssl to sign them? This can
> certainly be done.
Thats exactly what I want. I shall have some CGI based script or OpenCA or
pyCA to handle the server end.
Any samples will be really helpful.
Regards,
Sandipan
>
> _____________________________________
> Greg Stark
> Ethentica, Inc.
> [EMAIL PROTECTED]
> _____________________________________
>
>
>
> ----- Begin Original Message -----
> From: "Sandipan Gangopadhyay" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, February 20, 2001 9:14 AM
> Subject: Xenroll and OpenSSL
>
>
> Back in 1997, there was a discussion with Dr Henson on the use of
> Xenroll.dll with MSIE and (then SSLeay) OpenSSL.
> http://remus.prakinf.tu-ilmenau.de/ssl-users/archive22/0040.html
> Could someone tell me anything about the following two issues :
> 1. Xenroll uses ActiveX that is by default disabled in IE5.5 for reasons
of
> security. Is there anything new from MS that doesnt use ActiveX and will
> work on the client without specially installing software for this purpose
?
>
> 2. Does anyone know of some URL where I can learn how to use Xenroll ?
> With OpenSSL ? That can then be processed by openssl with req (if
required)
> and
> ca ? I have found some resources at MS and over Google, but nothing
> comprehensive.
> Regards,
> Sandipan
> ----- End Original Message -----
>
>
>
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
