Michael Sierchio escribió:
You're confused -- when a cert is downloaded, the browser stores it, period.
It doesn't necessarily convey trust, but it caches the cert nonetheless.
Netscape handles certs differently only if it has a pending SPKAC and
a private key structure that corresponds to the SubjectPublicKey in
the cert.
Sorry if I implied otherwise, of course I do that. I use KEYGEN to build an SPKAC request and the key is kept on the browser. If I download a certificate whose private key I don't have, Communicator informs me of that much (Netscape 7.0, on the hand, does not seem to do so, at least with the certificates I am sending it now). But last year, when a new user certificate (for which the private key was known), a dialog popped up saying so and offering to make a backup copy of it. Now that does not happen though everything else works. In case I am not making myself understood, I attach a copy of one such dialog extracted from the manual we distributed to our users last year (sorry, it is in Spanish, but I cannot get one in any language now). You don't get such dialogs? Then possibly you do things wrong just like I do now... What have I done to break this? What is wrong in my certificates or my PKCS#7 messages (though I think I have ruled out this by trying to send the single X509 certificate by itself and it failing in the same way)? Is the MIME type wrong? What is it? Any ideas? Thanks in advance, Julio
<<inline: Image11.jpg>>
smime.p7s
Description: S/MIME Cryptographic Signature
