[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ms-cryptoapi
Subject:    MSIE does not honour Extended Key Usage in certificate
From:       Matthew Ling <mling () UCALGARY ! CA>
Date:       2000-08-25 21:47:00
[Download RAW message or body]


Hi,
      I have two certificates that have the following characteristics:
            - one is intended for e-mail usage
                - it is marked using the Extended Key Usage, Secure
Email( 1.3.6.1.5.5.7.3.4 )
            - the other is intended for SSL communication
                - it is marked using the Extended Key Usage, TLS Web
Client Authentication

It appears that Outlook Express is smart enough to present only the
certificate with the Secure Email Extended Key Usage to a user.
Internet Explorer (MSIE) ( version 4), however, presents both
certificates to a user ignoring any of the Extended Key Usage settings.

Is it a known problem of MSIE?  Is there a way to change some setting of
the certificate using CryptoApi so that MSIE only presents the
certifcate with TLS Web Client Authentication?

Thanks in advance

Matthew

----------------------------------------------------------------
Users Guide http://msdn.microsoft.com/workshop/essentials/mail.asp
contains important info including how to unsubscribe.  Save time, search
the archives at http://discuss.microsoft.com/archives/index.html

[prev in list] [next in list] [prev in thread] [next in thread]