[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ms-cryptoapi
Subject:    AW: How to use smart card CSP in IE and Outlook ???
From:       "Philipp, Stefan" <Philipp () SECUNET ! DE>
Date:       2001-11-14 12:52:18
[Download RAW message or body]


thanks all. it works with the ms tool (src "propcert.cpp" in the platform
sdk).
greetings,
stefan

> -----Ursprüngliche Nachricht-----
> Von: Peter Bodenmann [mailto:peter.bodenmann@GMX.CH]
> Gesendet: Montag, 13. November 2000 13:50
> An: CryptoAPI@discuss.microsoft.com
> Betreff: Re: How to use smart card CSP in IE and Outlook ???
> 
> 
> Hi Stefan,
> 
> you can set the reference to your CSP programmatically with
> CertSetCertificateContextProperty setting the property
> CERT_KEY_PROV_INFO_PROP_ID.
> There is also a sample utility available from MS 
> (propcert.exe) which loads
> the certificates from a smart card into the 'my' store and sets the
> reference to the smart card CSP correctly.
> 
> HTH
> Peter
> 
> > -----Original Message-----
> > From: Microsoft Cryptographic API
> > [mailto:CryptoAPI@DISCUSS.MICROSOFT.COM]On Behalf Of Philipp, Stefan
> > Sent: Dienstag, 13. November 2001 11:47
> > To: CryptoAPI@DISCUSS.MICROSOFT.COM
> > Subject: How to use smart card CSP in IE and Outlook ???
> >
> >
> > Hello all,
> >
> > we wrote a custom smart card CSP. It should be usable for
> > Win2000/XP-Logon,
> > SSL client authentication and email encryption/decryption 
> and signature.
> > The CSP works for the logon process, but we have a problem to get
> > it to work
> > in Internet Explorer (IE) and later on in Outlook. Our test 
> system is an
> > english Win2000 client incl. IE 5 (both SP2) and a Win 2000 CA on
> > a separate
> > machine.
> > We used our CSP to write a smart card user certificate on 
> the smart card
> > (enrollment). Additionally, we wrote the certificate to a file.
> > After that,
> > we used the IE to import the smart card certificate (from 
> the file) in the
> > personal store of the local certificate store. Ihe import 
> wizard of the IE
> > says that it is imported correctly.
> > The Problem is: If we try to connect to a SSL server, which is
> > configured to
> > ask for the client certificate, our certificate (located on the
> > smart card)
> > will not be displayed in the list of available certificates.
> > Strangely, the
> > certificate is located in "intermediate certification
> > authorities" in the IE
> > (internet options/content/certificates), but not in "personal".
> > We think, the main problem is a missing link between the 
> certificate (and
> > the related public/private key pair) and our CSP.
> > In the crypto api documentation (msdn) it says that there exist
> > microsoft-specific certificate extended properties. these
> > properties seem to
> > link the certificate to a particular CSP. Do we have to 
> write extensions
> > into the certificate which we got from the CA during the
> > enrollment process?
> > Or do we have to configure the CA in a special way?
> > I know, that other CSPs (e.g. from GemPlus) have a tool 
> which seem to
> > register the certificate (located in the active directory) in the
> > local cert
> > store. After using the tool the certificate visualization has an
> > additional
> > entry: "You have a private key that corresponds to this 
> certificate."
> > What do we have to do after writing the certificate to a smart
> > card? How can
> > we "register" the CSP in the IE (or in Outlook)?
> > Many thanks in advance,
> > Stefan
> >
> > ----------------------------------------------------------------
> > Users Guide http://discuss.microsoft.com/archives/mailfaq.asp
> > contains important info. Save time, search the archives at
> > http://discuss.microsoft.com/archives/index.html .
> > To unsubscribe, 
> mailto:CryptoAPI-signoff-request@DISCUSS.MICROSOFT.COM
> >
> 
> ----------------------------------------------------------------
> Users Guide http://discuss.microsoft.com/archives/mailfaq.asp
> contains important info. Save time, search the archives at
> http://discuss.microsoft.com/archives/index.html .
> To unsubscribe, mailto:CryptoAPI-signoff-request@DISCUSS.MICROSOFT.COM
> 

----------------------------------------------------------------
Users Guide http://discuss.microsoft.com/archives/mailfaq.asp
contains important info. Save time, search the archives at
http://discuss.microsoft.com/archives/index.html .
To unsubscribe, mailto:CryptoAPI-signoff-request@DISCUSS.MICROSOFT.COM



[prev in list] [next in list] [prev in thread] [next in thread]