Sorry, maybe I didn't explain the details...
 
My answers are in blue!
 
 
Andréa Cavallari wrote:
> Thanks Michael!!

> But I have one more question: When my client (in his browser)
> generates a certificate and changes the key pair, installs the
> certificate and uses it with the same browser configuration, the
> certificate works.
what do you mean by: change the key pair?
which browser are you talking about?
I'm talking about Microsoft Internet Explorer version 6.0 Service Pack 1.

what do you mean by: the cert works? how is this verified?
Here, we use OpenCA to issue client certs used to authenticate users in some applications. I mean that Internet Explorer prompts for the cert and the user selects it to enter the application. (It means that the certs work: they authenticate the user.)

> the certificate stops working and we have to tell the client to make a
> new certificate to work with the new configuration.
this sounds strange
I mean that after some changes in the browser's configuration I use the certificate and Internet Explorer prompts for the cert, but when I select the cert I get an error and the browser shows me "Action Canceled". So, I can't authenticate. And if I monitor this access, on the web server I see "client handshake failed". Then, I have to issue a new cert for the client.

> So, my question is: At the moment of the key pair change/generation,
> does the certificate get some information about the browser's configuration?
> Does it get any state of the selected SSL option or browser security level?
I don't understand this question ;)

a certificate is a signed data container
it contains:
- some validity fields (like valid from to)
- some id fields (subject, subject alternative and so on)
- some extensions (for what to use)
- the public key of the keypair, for which a cert is requested
and is signed by the ca

so there is no connection to any browser configuration actually
at least it shouldn't... or maybe you have some special configurations?


greetings
dalini
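
The field list in the message above can be checked directly with the openssl command line. This is an added example, not part of the original thread: it prints a certificate's identity, validity and public key, and tests whether the certificate pairs with a given private key. The file names, the CN and the self-signed certificate (a stand-in for a CA-issued client cert) are constructed.

```shell
#!/bin/sh
# Added example: inspect what a client certificate carries and check that it
# pairs with a given private key. File names and the CN are constructed.

# Print the fields the message lists: identity, validity, and the public key.
cert_fields() {
    openssl x509 -in "$1" -noout -subject -issuer -startdate -enddate
    openssl x509 -in "$1" -noout -pubkey
}

# Succeed only if the public key inside the certificate is the public half of
# the given private key. The certificate never contains the private key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Build a constructed key pair and self-signed certificate in directory $1
# (stand-in for a CA-issued client certificate).
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-client" \
        -keyout "$1/client.key" -out "$1/client.crt" 2>/dev/null
}

# Demo: the certificate matches its own key and not a freshly generated one.
demo() {
    dir=$(mktemp -d) || return 1
    make_sample "$dir" || return 1
    openssl genrsa -out "$dir/other.key" 2048 2>/dev/null || return 1
    cert_fields "$dir/client.crt"
    cert_matches_key "$dir/client.crt" "$dir/client.key" && echo "own key: match"
    cert_matches_key "$dir/client.crt" "$dir/other.key" || echo "other key: no match"
    rm -rf "$dir"
}

demo
```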
