On 7/25/2011 3:02 PM, Travis Schick wrote:
> The problem as I understand it - is that without having a network connection
> - you are unable to verify the server presenting the certificate to you - you
> need to trust it first - and for win7/macosx the default is to prompt the user.
If the certificate issuer is a recognized authority, *and* it meets the esoteric Windows required criteria (extendedKeyUsage=1.3.6.1.5.5.7.3.1 or somewhere thereabouts), there is no need for network validation of the CA (unless the CRL is mandatory?). It is getting the "special certificate criteria" correct that the typical 3rd-party SSL certificate is missing (either in the request, signing, or import process).

Otherwise there is some setup required on the client side for Windows (<7), at a minimum, not to use the Windows credentials as username/password (unless you're really joined to the domain you're authenticating).

Jeff

**********
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
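
An added example, not part of the original post or of any vendor tool: a standard-library Python check for the serverAuth extended key usage (1.3.6.1.5.5.7.3.1, id-kp-serverAuth) mentioned in the reply above, useful for testing a RADIUS server certificate before deploying it. All function names and the sample data are constructed for illustration, and treating a missing EKU extension as a failure is an assumption based on the criterion in the post.

```python
SERVER_AUTH = "1.3.6.1.5.5.7.3.1"   # id-kp-serverAuth, the OID quoted in the post
EKU_EXT = "2.5.29.37"               # id-ce-extKeyUsage

def tlvs(buf):
    """Yield (tag, value) for each DER element in buf (single-byte tags only)."""
    i = 0
    while i + 2 <= len(buf):
        tag, length = buf[i], buf[i + 1]
        i += 2
        if length & 0x80:                        # long-form length
            n = length & 0x7F
            length = int.from_bytes(buf[i:i + n], "big")
            i += n
        yield tag, buf[i:i + length]
        i += length

def oid(value):
    """Decode DER OID content bytes to dotted notation."""
    arcs, acc = [], 0
    for b in value:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:                         # high bit clear ends one arc
            arcs.append(acc)
            acc = 0
    head = divmod(arcs[0], 40) if arcs[0] < 80 else (2, arcs[0] - 80)
    return ".".join(map(str, [*head, *arcs[1:]]))

def eku_oids(der_bytes):
    """Return the list of EKU OIDs, or None when no EKU extension is present."""
    for tag, value in tlvs(der_bytes):
        kids = list(tlvs(value)) if tag & 0x20 else []   # only constructed elements have children
        if (tag == 0x30 and len(kids) >= 2 and kids[0][0] == 0x06
                and oid(kids[0][1]) == EKU_EXT and kids[-1][0] == 0x04):
            (_, seq), = tlvs(kids[-1][1])        # extnValue wraps SEQUENCE OF OID
            return [oid(v) for _, v in tlvs(seq)]
        found = eku_oids(value) if kids else None
        if found is not None:
            return found
    return None

def has_server_auth(der_bytes):
    return SERVER_AUTH in (eku_oids(der_bytes) or [])   # assumption: no EKU means fail

def der(tag, *parts):                            # builds short-form DER for the samples
    return bytes([tag, sum(map(len, parts))]) + b"".join(parts)

def sample(*eku_hex):                            # constructed [3] Extensions fragment with one EKU extension
    ekus = der(0x30, *(der(0x06, bytes.fromhex(h)) for h in eku_hex))
    return der(0xA3, der(0x30, der(0x30, der(0x06, bytes.fromhex("551d25")), der(0x04, ekus))))
```

For a real certificate, pass the DER bytes, for example the result of `ssl.PEM_cert_to_DER_cert()` applied to the PEM text.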