[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ms-cryptoapi
Subject:    Re: Unable to view user certificates in IE 4 - PLEASE HELP
From:       John Boyer <jboyer () MAILHOST ! UWI ! COM>
Date:       1998-01-30 22:19:45
[Download RAW message or body]


Hi Mary,

I found and reported this as a bug a few months ago, but I got no response
from Microsoft about it.  The example program for digging up the user's
signature key says to look for something with the AT_SIGNATURE attribute.
Every cert. that I've gotten from both Verisign and Thawte is marked
AT_KEYEXCHANGE, but is also usable for signatures.
I had to implement my own method of telling a user his/her available certs.
using the email address they set in the preferences of our product (this is
the same thing that Outlook Express does).
In the end, you'd have to do something like that anyway in order to handle
the case of a person having multiple signature identities (e.g. Employee
John Boyer vs. Manager John Boyer).  We suggest that for the few people who
need this type of configuration that they use distinct common names for the
certificates.

I'm not in a situation where I can try this without an hour or two of work,
but do you think it could be that AT_KEYEXCHANGE contains the AT_SIGNATURE
value such that a bitwise and with AT_SIGNATURE would yield true?  If you
try this, would you please let me know if it works?

John Boyer
Software Development Manager
UWI.Com -- The Internet Forms Company
jboyer@uwi.com
(250) 479 8334 ext. 143

-----Original Message-----
From: Maryau Jeune <maryau.jeune@ENTRUST.COM>
To: CryptoAPI@DISCUSS.MICROSOFT.COM <CryptoAPI@DISCUSS.MICROSOFT.COM>
Date: Friday, January 30, 1998 12:09 PM
Subject: Re: Unable to view user certificates in IE 4 - PLEASE HELP


>Steve,
>
>AT_KEYEXCHANGE is what I would need if I wanted an encryption key, but
>what if I just use AT_SIGNATURE for client authentication only?  Why
>would IE decide not to display my cert???  Shouldn't this be considered
>as a bug???
>
>Regards,
>Maryau
>
>>----------
>>From:  Maryau Jeune
>>Sent:  Friday, January 30, 1998 10:30 AM
>>To:    'Microsoft Cryptographic API'
>>Subject:       RE: Unable to view user certificates in IE 4 - PLEASE HELP
>>
>>Hi all,
>>
>>thanks to all who answered.  I have managed to fix the error by taking a
look
>>at what was done on the Verisign web site.  Steve, you were right,
>>AT_KEYEXCHANGE is what I needed.  Thanks again.
>>
>>Regards,
>>Maryau
>>
>>----------
>>From:  Dr Stephen Henson[SMTP:shenson@BIGFOOT.COM]
>>Sent:  Friday, January 30, 1998 5:39 AM
>>To:    CryptoAPI@DISCUSS.MICROSOFT.COM
>>Subject:       Re: Unable to view user certificates in IE 4 - PLEASE HELP
>>
>>Maryau Jeune wrote:
>>>
>>> Hi all,
>>>
>>> I have been writing VBScript code to import a user certificate into my
>>> browser (IE 4.01).  IE managed to add the user certificate in the
>>> registry but, for some reason, doesn't display it when I try to view my
>>> personal certs through the browser (under View->Internet
>>> Options->Content->Personal Certificates).  Has anyone encountered this
>>> problem before and managed to fix it?
>>>
>>
>>Yes I've seen this. One possible reason if you are using Xenroll is that
>>you haven't set KeySpec to 1 in the request page with e.g.
>>
>>Icontrol.KeySpec = 1;
>>
>>The default value creates a key of type AT_SIGNATURE. 1 is
>>AT_KEYEXCHANGE which is what you want.
>>
>>Steve.
>>
>>----------------------------------------------------------------
>>Users Guide http://www.microsoft.com/sitebuilder/resource/mailfaq.asp
>>contains important info including how to unsubscribe.  Save time, search
>>the archives at http://microsoft.ease.lsoft.com/archives/index.html
>>
>>
>
>----------------------------------------------------------------
>Users Guide http://www.microsoft.com/sitebuilder/resource/mailfaq.asp
>contains important info including how to unsubscribe.  Save time, search
>the archives at http://microsoft.ease.lsoft.com/archives/index.html
>

----------------------------------------------------------------
Users Guide http://www.microsoft.com/sitebuilder/resource/mailfaq.asp
contains important info including how to unsubscribe.  Save time, search
the archives at http://microsoft.ease.lsoft.com/archives/index.html

[prev in list] [next in list] [prev in thread] [next in thread]