Okay There is a patch that will do all this for you. Microsoft KB Q323172. When you apply this it does the xenroll.dll install and registry changes for you.
The registry has to match the actual DLL on your box. Also our CA is on Unix and for the CA registration part that DLL has to match what's on the enrolling
clients box. Check on your enrollment box and you'll see the xenroll.dll, This has to be the same as the client DLL
Mark S
| Mark Liu <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED] 02/03/03 02:09 PM
|
To: [EMAIL PROTECTED] cc: Subject: Re: Does this mean that I don't have any Cryptographic Service Provider in my system? |
Mark, thanks.
Yes, I checked HKEY_CLASSES_ROOT, under which I had
only CEnroll.CEnroll\CurVer and
CEnroll.CEnroll.1\CLSID.
The value of CEnroll.CEnroll.1\CLSID is
{43F8F289-7A20-11D0-8F06-00C04FC295E1}, the old one.
The value of CEnroll.CEnroll\CurVer is
CEnroll.CEnroll.1.
Then I manually added a new key at
CEnroll.CEnroll\CEnroll.CEnroll.2, under which I added
CLSID and assigned the new value
{127698e4-e730-4e5c-a2b1-21490a70c8a1} to it.
Now I changed the value of CurVer to
CEnroll.CEnroll.2. Then I restarted my Win2K,
launched my tomcat, tried the new clsid with my HTML
page.
It did not work. Probably this is not the right way
to have my system work for the new clsid?
What do you think, Mark?
The other Mark
--- [EMAIL PROTECTED] wrote:
> In the registry under HKEY_CLASSES_ROOT there are
> three keys
> CEnroll.CEnroll, CEnroll.CEnroll.1 CEnroll.CEnroll.2
> that tell the story
>
>
>
>
> Mark Liu <[EMAIL PROTECTED]>
> Sent by: [EMAIL PROTECTED]
> 02/03/03 01:02 PM
> Please respond to openssl-users
>
>
> To: [EMAIL PROTECTED]
> cc:
> Subject: Re: Does this mean that I
> don't have any Cryptographic Service Provider in
> my system?
>
>
> Mark,
>
> Thanks a lot for your reply. And it seems that this
> is the problem.
>
> But interestingly, the new one does not work for my
> Win2K box in my lab. That is, if I use the new one
> you offered, it won't give me a whole list of
> Cryptographic Service Providers, just like what
> happened to my Win2K box at home. The old one works
> in my lab, but does not work at my home. I'll see
> if
> the new one works for my home Win2K box when I get
> home.
>
> I use IE 6.0 for the Win2K boxes both at my home and
> at my lab in school.
>
> I am curious, what stuff in the Win2K operating
> system
> determines the version of the classid I need to use
> for my application?
>
> Thanks.
>
> The other Mark
>
> --- [EMAIL PROTECTED] wrote:
> > Yes but it also may mean you have the wrong
> > xenroll.dll. In your script
> > you probably have something like
> >
> >
> > <OBJECT
> >
> >
> classid=""> > > CODEBASE=""> > > id=Enroll >
> > </OBJECT>
> >
> > which is the old dll you may need to change to
> >
> >
> > <OBJECT
> >
> >
> classid=""> > >
> > CODEBASE=""
> > id=Enroll >
> > </OBJECT>
> > which is the new one
> >
> >
> >
> >
> > Mark Liu <[EMAIL PROTECTED]>
> > Sent by: [EMAIL PROTECTED]
> > 02/02/03 02:49 PM
> > Please respond to openssl-users
> >
> >
> > To: [EMAIL PROTECTED]
> > cc:
> > Subject: Does this mean that I
> don't
> > have any Cryptographic Service Provider in my
> > system?
> >
> >
> > I am working on an X509 public key certificate
> > authentication project.
> >
> > I have an HTML file called apply_ie.html in my web
> > application.
> >
> > When I tested this page on a Win2k box with
> > tomcat4.1
> > in my lab at school, it works great. The
> drop-down
> > menu gives me a list of dozens of Cryptographic
> > Service Providers.
> >
> > But when I try the same file on my Win2k box with
> > tomcat4.1 at home, The drop-down menu shows no
> list
> > of
> > Cryptographic Service Providers. And when I click
> > "OK" to submit, I get a pop-up window which says:
> >
> > Line 80: object does not support this attribute or
> > method: 'encoder.HashAlgorithm'
> >
> > I checked line 80 of the file apply_ie.html which
> > contains vbscript, and saw it is this line:
> > encoder.HashAlgorithm = "MD5"
> >
> > Does this mean that I don't have any Cryptographic
> > Service Providers installed on my Win2K box at
> home?
> >
> > But wait, before I tried this page with Tomcat, I
> > did
> > install Encpack_Win2000Admin_EN.exe, a
> cryptographic
> > packet I downloaded from Microsoft, and restart my
> > system.
> >
> > So, what's the problem? Any hint please?
> >
> > Here is source of apply_ie.html, which is a slight
> > modification of Tomas' EJBCA apply_exp.jsp
> >
> > *** beginning of apply_ie.html ***
> >
> > <HTML>
> > <HEAD>
> > <TITLE>IE Certificate Request</TITLE>
> >
> > <object
> >
> >
> classid=""> > > id="encoder">
> > </object>
> > <SCRIPT LANGUAGE=VBSCRIPT>
> > <!-- > > Function GetProviderList()
> >
> > Dim CspList, cspIndex, ProviderName
> > On Error Resume Next
> >
> > count = 0
> > base = 0
> > enhanced = 0
> > CspList = ""
> > ProviderName = ""
> >
> > For ProvType = 0 to 13
> > cspIndex = 0
> > encoder.ProviderType = ProvType
> > ProviderName =
> > encoder.enumProviders(cspIndex,0)
> >
> > while ProviderName <> ""
> > Set oOption =
> > document.createElement("OPTION")
> > oOption.text = ProviderName
> > oOption.value = ProvType
> >
> > Document.CertReqForm.CspProvider.add(oOption)
> > if ProviderName = "Microsoft Base
> > Cryptographic Provider v1.0" Then
> > base = count
> > end if
> > if ProviderName = "Microsoft Enhanced
> > Cryptographic Provider v1.0" Then
> > enhanced = count
> > end if
> > cspIndex = cspIndex +1
> > ProviderName = ""
> > ProviderName =
> > encoder.enumProviders(cspIndex,0)
> > count = count + 1
> > wend
> > Next
> > Document.CertReqForm.CspProvider.selectedIndex
> =
> > base
> > if enhanced then
> >
> Document.CertReqForm.CspProvider.selectedIndex
> > =
> > enhanced
> > end if
> > End Function
> > -->
> > </SCRIPT>
> > </HEAD>
>
=== message truncated ===
> ATTACHMENT part 2 application/x-pkcs7-signature
name=smime.p7s
__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
smime.p7s
Description: S/MIME Cryptographic Signature
