[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ms-cryptoapi
Subject:    Re: Adding Root CA's : New Slant
From:       Rodney Thayer <rodney () SABLETECH ! COM>
Date:       1997-02-24 20:54:21
[Download RAW message or body]


I've been playing with editing the list of certs MSIE sees and I see them
"come back" sometimes so I don't understand what registry objects, if any,
are related.  I have this suspicion that CAPI "knows" what they should be
and puts them back.

Which is fine, but it's my computer and I'd like a little control from time
to time...

At 02:04 PM 2/24/97 -0500, you wrote:
>Howdy,
>
>I've seen the discussion on adding CA's to MSIE, and I thought that I had
>taken care of that pretty well -  I had my CA cert in a .crt file, executed
>the appropriate calls to install it, got the appropriate dialog boxes, and
>it appears in my MSIE security dialog box.  Cool.
>
>I've been having a problem that when I go to my site that requests personal
>certs, MSIE doesn't show any of mine, only Verisigns.  Somebody here
>suggested that maybe the server and MSIE don't have matching CA's for the
>other certs I've installed.  But like I said, since I'd gone through the
>installation of the CA cert in both places, I thought that was ok.
>
>Today I used a registry snooper to see exactly what the heck is going on.
>And when I went to a site that requested client-auth, the first thing that
>MSIE did is went to System\CurrentControlSet\Control\
>SecurityProviders\SCHANNEL\CertificationAuthorities.  And you know what it
>did then?  Parsed through all of the *standard* CA's that are there.
>"Oh," I thought, "Maybe my CA's really didn't install at all."
>
>So I go into the registry editor and look at that branch.  Nope, my CA's
>definitely *are* there.  MSIE seems to have totally ignored them.  From
>brief peeking around the actual data, they seem to be very similar - The
>"enabled" and "type" fields are all the same.
>
>HELP!  What am I missing?!  I can tell I'm getting closer to solving the
>problem!
>
>Duane Morin
>IDD Information Services / Liberty Financial
>
>
--------
Rodney Thayer <rodney@sabletech.com>
PGP Fingerprint: BB1B6428 409129AC  076B9DE1 4C250DD8

[prev in list] [next in list] [prev in thread] [next in thread]