[prev in list] [next in list] [prev in thread] [next in thread]
List: ms-cryptoapi
Subject: Re: Certificate question
From: Ray Langford <ray () ELOCK ! COM>
Date: 1999-07-29 18:29:27
[Download RAW message or body]
John, Bruce,
In reference to John's question, I don't know if VeriSign actually uses the
Microsoft Certificate Server to issue certs. However, in any case, I suspect
they are hosting a webpage that downloads the xenroll activex control (or
something similar) into IE to perform the operations necessary to gen the
keypair in some CSP (i.e the default), export the public key, import the
issued cert. etc. The xenroll control calls into CryptoAPI to do all this.
On the server side, the results (i.e PKCS#10 created by xenroll and sent to
webserver via browser), is handed off to whatever cert server is issuing
certificates, be it Microsoft Cert Server or something else.
Bruce, the properties you listed really have nothing to do with the
Microsoft Certificate Server, but are operations that one can perform with
the xenroll activex control and CryptoAPI, on the users desktop, via the
browser in this case. The advanced button on the webpage simply sets the
parameters in the downloaded webpage script that runs the xenroll control
locally on the users desktop.
As John discussed in a different email, the xenroll control (or something
similar) is an example of a control that can be downloaded via the IE
browser and used to communicate with CryptoAPI.
-- Ray
==========================================
Ray C. Langford
Director of Research and Development
E-Lock Technologies
Web: www.elock.com
==========================================
Assuring e-Business
==========================================
----- Original Message -----
From: Bruce Chastain <bchastain@HYPERFEED.COM>
To: <CryptoAPI@DISCUSS.MICROSOFT.COM>
Sent: Wednesday, July 28, 1999 4:45 PM
Subject: Re: Certificate question
> Yes, now that you mention it, the MS Certificate Server signup web page
does
> have an Advanced button which takes me too more selectable options,
> including:
>
> Properties:
> Use Existing Key Set
> Write Certificate to CSP
> Set Container Name
> Export Private Keys to File
> Allow Keys to be Exported
> Create a SPC file
>
> They are all UNchecked by default.
>
> Bruce.
>
> -----Original Message-----
> From: John Boyer [mailto:jboyer@UWI.COM]
> Sent: Wednesday, July 28, 1999 4:40 PM
> To: CryptoAPI@DISCUSS.MICROSOFT.COM
> Subject: Re: Certificate question
>
>
> Hi Bruce,
>
> I'm pretty sure Verisign is using the Microsoft Cert. Server, and they
> provide that ability to set the cert. security right on their sign-up
page.
> It seems that you should be able to send the right parameters to the
> Microsoft server to do what you want. I don't use it much, so I don't
know
> how to do this offhand. Can someone who does this comment?
>
> John Boyer
> Software Development Manager
> UWI.Com -- The Internet Forms Company
>
> ----------------------------------------------------------------
> Users Guide http://msdn.microsoft.com/workshop/essentials/mail.asp
> contains important info including how to unsubscribe. Save time, search
> the archives at http://discuss.microsoft.com/archives/index.html
>
> ----------------------------------------------------------------
> Users Guide http://msdn.microsoft.com/workshop/essentials/mail.asp
> contains important info including how to unsubscribe. Save time, search
> the archives at http://discuss.microsoft.com/archives/index.html
----------------------------------------------------------------
Users Guide http://msdn.microsoft.com/workshop/essentials/mail.asp
contains important info including how to unsubscribe. Save time, search
the archives at http://discuss.microsoft.com/archives/index.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic