Does anyone know the address of the apache mailing list ?
-----Original Message-----
From: Sandipan Gangopadhyay [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 28, 2001 3:27 PM
To: [EMAIL PROTECTED]
Subject: Re: XEnroll.AcceptPKCS7 returns error 0x80092004 on MS IE 5.5
Does anyone know the address of the Microsoft CryptoAPI mailing list ?
Unless I am mistaken, CEnroll matches the certificate PKCS7 with the request
(and related private key) before it accepts it. Like Greg says.
This is essential because PKCS7 does not carry the private key. By itself,
its contents are only fit for the Other People section, and not Personal
Certificates section (that requires private keys to be present as well.)
In other words, whereas PKCS12 will allow the key pair and certificate to be
installed in one shot, with CEnroll, you have to use createPKCS10 to
generate keypair and then create request in PKCS10. This ONLY has the public
key.
The signed public key in PKCS7 is then installed on the PC by CEnroll by
matching it with the keypair it generated. In other words with CEnroll and
PKCS10 and PKCS7, the private key never leaves the PC. Which makes sense.
I would like to know if my view in this is not correct.
Regards,
Sandipan
----- Original Message -----
From: "Greg Stark" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 27, 2001 8:17 PM
Subject: Re: XEnroll.AcceptPKCS7 returns error 0x80092004 on MS IE 5.5
> This question should be asked in the Microsoft CryptoAPI mailing list. I'm
> not surprised by the error since there is no certificate request to match
up
> against in the REQUEST store. I scanned the CEnroll stuff and couldn't
> figure out how to do what you want.
>
> >From WinError.h in the Platform SDK
> //
> // MessageId: CRYPT_E_NOT_FOUND
> //
> // MessageText:
> //
> // Cannot find object or property.
> //
> #define CRYPT_E_NOT_FOUND _HRESULT_TYPEDEF_(0x80092004L)
>
> _____________________________________
> Greg Stark
> Ethentica, Inc.
> [EMAIL PROTECTED]
> _____________________________________
>
>
>
> ----- Original Message -----
> From: "Roland Dirlewanger" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, March 27, 2001 2:29 AM
> Subject: XEnroll.AcceptPKCS7 returns error 0x80092004 on MS IE 5.5
>
>
> >
> > I started one year ago to distribute personnal certificates in our
> > organization. For the initial certificate, the format used was PKCS12.
> > Recently, I had to renew the certificates.
> >
> > As advised in previous threads on this list, I wanted to use the Xenroll
> > mechanism with MSIE 5.5. In the following script, the call to
> > Enroll.AcceptPKCS7 returns err.Number=0x80092004, but err.Description is
> > not set. I can't get any information on this error code from Microsoft's
> > Knowledge base.
> >
> > Note that replacing Enroll.AcceptPKCS7 by Enroll.InstallPKCS7 works but
> > installs the certificate in the 'Other People' section. The existing
> > certificate in the 'Personnal' section is not updated.
> >
> > Could someone tell me what I'm doing wrong ?
> >
> > Thanks a lot in advance.
> >
> > Here is the VB code I use to install personnal certificates :
> >
> > <OBJECT CLASSID="clsid:43F8F289-7A20-11D0-8F06-00C04FC295E1"
> > CODEBASE="xenroll.dll"
> > ID=Enroll>
> > </OBJECT>
> >
> > <SCRIPT LANGUAGE="VBSCRIPT">
> > Sub InstallCert
> >
> > On Error Resume Next
> >
> > '"cert" is the result of the following command :
> > 'openssl crl2pkcs7 -nocrl -certifile mycert.pem -in mycert.pem
> >
> > cert = "" & _
> > "MIIKVwYJKoZIhvcNAQcCoIIKSDCCCkQCAQExADALBgkqhkiG9w0BBwGgggosMIIE"
> > & _
> > ...
> > "gLR6uDkmRYwBMQA=" & _
> > ""
> >
> > Call Enroll.AcceptPKCS7(cert)
> >
> > --
> > Roland Dirlewanger
> > CNRS - Delegation Aquitaine et Poitou-Charentes
> > Esplanade des Arts et Metiers
> > 33402 TALENCE CEDEX
> >
> > Mel : [EMAIL PROTECTED], Tel : 05.57.35.58.52, Fax : 05.57.35.58.01
> > ______________________________________________________________________
> > OpenSSL Project http://www.openssl.org
> > User Support Mailing List [EMAIL PROTECTED]
> > Automated List Manager [EMAIL PROTECTED]
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
