[prev in list] [next in list] [prev in thread] [next in thread]
List: ms-cryptoapi
Subject: Re: Adding Root CA's : New Slant
From: Rodney Thayer <rodney () SABLETECH ! COM>
Date: 1997-02-24 20:54:21
[Download RAW message or body]
I've been playing with editing the list of certs MSIE sees and I see them
"come back" sometimes so I don't understand what registry objects, if any,
are related. I have this suspicion that CAPI "knows" what they should be
and puts them back.
Which is fine, but it's my computer and I'd like a little control from time
to time...
At 02:04 PM 2/24/97 -0500, you wrote:
>Howdy,
>
>I've seen the discussion on adding CA's to MSIE, and I thought that I had
>taken care of that pretty well - I had my CA cert in a .crt file, executed
>the appropriate calls to install it, got the appropriate dialog boxes, and
>it appears in my MSIE security dialog box. Cool.
>
>I've been having a problem that when I go to my site that requests personal
>certs, MSIE doesn't show any of mine, only Verisigns. Somebody here
>suggested that maybe the server and MSIE don't have matching CA's for the
>other certs I've installed. But like I said, since I'd gone through the
>installation of the CA cert in both places, I thought that was ok.
>
>Today I used a registry snooper to see exactly what the heck is going on.
>And when I went to a site that requested client-auth, the first thing that
>MSIE did is went to System\CurrentControlSet\Control\
>SecurityProviders\SCHANNEL\CertificationAuthorities. And you know what it
>did then? Parsed through all of the *standard* CA's that are there.
>"Oh," I thought, "Maybe my CA's really didn't install at all."
>
>So I go into the registry editor and look at that branch. Nope, my CA's
>definitely *are* there. MSIE seems to have totally ignored them. From
>brief peeking around the actual data, they seem to be very similar - The
>"enabled" and "type" fields are all the same.
>
>HELP! What am I missing?! I can tell I'm getting closer to solving the
>problem!
>
>Duane Morin
>IDD Information Services / Liberty Financial
>
>
--------
Rodney Thayer <rodney@sabletech.com>
PGP Fingerprint: BB1B6428 409129AC 076B9DE1 4C250DD8
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic