-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Victor B. Wagner wrote:
| On 2005.01.13 at 13:55:37 +0100, Dr. Stephen Henson wrote:
|
|>It doesn't. You can do that of course but the preferred technique is
the same
|>as every other environment: create a private key on the microsoft box,
sign a
|>request with it, send request to the CA and install the resulting
certificate.
|>
|>For MSIE you can use Xenroll for that.
| BTW, it is not clear for me how to create DSA certificates from xenroll.
| (really I oo need GOST94 certificates, not DSA)
You can use such kind of script for IE:
<HTML>
<HEAD>
<TITLE>VBScript Certificate Enrollment Control Sample
</TITLE>
<OBJECT classid="clsid:127698E4-E730-4E5C-A2b1-21490A70C8A1"
~ codebase="xenroll.dll"
~ id=Enroll >
</OBJECT>
<OBJECT classid="clsid:98AFF3F0-5524-11D0-8812-00A0C903B83C"
~ codebase="certcli.dll"
~ id=Request >
</OBJECT>
<BR>
Certificate Enrollment Control Request Sample
<BR>
<BR>
<SCRIPT language="VBScript">
<!--
' Declare the distinguished name variable.
Dim strDN
' Declare the request variable.
Dim strReq
' Declare a local variable for request disposition.
Dim nDisp
' Enable error handling.
On Error Resume Next
' Declare consts used by CertRequest object.
const CR_IN_BASE64 = &H1
const CR_IN_PKCS10 = &H100
' Build the DN.
strDN = "CN=UserName" _
~ & ",OU=UserUnit" _
~ & ",O=UserOrg" _
~ & ",L=UserCity" _
~ & ",S=WA" _
~ & ",C=US"
' Attempt to use the control, in this case, to create a PKCS #10.
MsgBox("Creating PKCS #10 " & strDN)
strReq = Enroll.createPKCS10( strDN, "1.3.6.1.4.1.311.2.1.21")
' If above line failed, Err.Number will not be 0.
if ( Err.Number <> 0 ) then
~ MsgBox("Error in call to createPKCS10 " & Err.Number)
~ err.clear
else
~ MsgBox("Submitting request " & strReq)
~ nDisp = Request.Submit( CR_IN_BASE64 OR CR_IN_PKCS10, _
~ strReq, _
~ "", _
~ "Machine\CertAuth")
~ ' If the preceding line failed, Err.Number will not be 0.
~ if ( Err.Number <> 0 ) then
~ MsgBox("Error in Request Submit " & Err.Number)
~ err.clear
~ else
~ MsgBox("Submitted certificate; disposition = " & nDisp)
~ end if
end if
- -->
</SCRIPT>
<BR>
</HEAD>
</HTML>
AFAIK for GOST certificates you should use OID 1.2.643.2.2.4 for algorithm.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFB59EKhLKMVkIXtlERAgvZAJ9A1T0WDLlSEGdsb2BX3pyjNzQvtQCgk0bS
HDunYdWMXR4ve1GNmpyzAao=
=dRbM
-----END PGP SIGNATURE-----
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
