List:       ms-cryptoapi
Subject:    Re: SGC under IIS 3.0
From:       Richard Harrington <richha () MICROSOFT ! COM>
Date:       1998-03-31 23:52:33

If you'll send me the cert that is giving you problems, we'll take a look at
it.

> -----Original Message-----
> From: Kevin Gross [SMTP:kgross@PH.COM]
> Sent: Tuesday, March 31, 1998 3:48 PM
> To:   CryptoAPI@DISCUSS.MICROSOFT.COM
> Subject:      Re: SGC under IIS 3.0
>
> Richard, thanks for this pointer.  However, I have already installed
> the 1/28/98 SGCSCHNL.EXE package, which includes SGINST.EXE dated
> 1/23/98 and marked as version 1.0.  Any further ideas?
>
> Kevin
>
> On Tuesday, March 31, 1998 6:07 PM, Richard Harrington
> [SMTP:richha@MICROSOFT.COM] wrote:
> > VeriSign changed their cert formats a while back.  We released a new
> > version of SGCINST to fix the problem.
> >
> > The following web page:
> > http://support.microsoft.com/support/kb/articles/q180/0/18.asp has more
> > information.
> >
> > > -----Original Message-----
> > > From: Kevin Gross [SMTP:kgross@PH.COM]
> > > Sent: Tuesday, March 31, 1998 2:57 PM
> > > To:   CryptoAPI@DISCUSS.MICROSOFT.COM
> > > Subject:      SGC under IIS 3.0
> > >
> > > I have been trying to make Microsoft's Server Gated Cryptography work
> > > under IIS 3.0, without much success.
> > >
> > > I've gotten around the known incompatibilities between the many
> > > versions of SCHANNEL.DLL by installing IE 4.01 and by copying over the
> > > IIS 4.0 Key Manager (keyring.exe).  This has made it possible for me to
> > > generate 128-bit (or 1024-bit, if you will) keys and signing requests,
> > > which I have sent off to VeriSign for endorsement by their Test ID CA.
> > > VeriSign has assured me that this CA is OK to use with these 128-bit
> > > keys.
> > >
> > > I've also installed the Enhanced Crypto Service Provider, by installing
> > > the 128-bit extensions to IE 4.01 on the Windows/NT Server machine.
> > > And I've tweaked the Registry to indicate this CSP as the 001 provider.
> > >
> > > Here's where the trouble begins.  When I get the signed request back
> > > from VeriSign, SGCINST fails when run on it.  It throws an 0x80093005
> > > error, which from wincrypt.h seems to indicate a problem parsing the
> > > ASN.1 within it.  Maybe.
> > >
> > > If I apply the signed request directly to the key, in the Key Manager,
> > > no errors reported and the key icon changes to the "up and running"
> > > state.  However, if selected in the treeview, nothing shows up in the
> > > right hand pane, sort of indicating that Key Manager can't make heads
> > > or tails of the key.  Moreover, the IIS server won't accept any HTTPS:
> > > connections, which only makes me more convinced that the key ain't what
> > > it ought to be.
> > >
> > > Any help greatly appreciated...
> > >
> > > Kevin
> > >
> > > ----------------------------------------------------------------
> > > Users Guide
> > > http://www.microsoft.com/sitebuilder/resource/mailfaq.asp
> > > contains important info including how to unsubscribe.  Save time,
> > > search
> > > the archives at http://microsoft.ease.lsoft.com/archives/index.html