Diego de Felice wrote: > infact I'm sure that this CSP works, because it works fine with the > Microsoft CA, and not with OpenCA > > >>Also, can you tell us the exact messages > > > After the message "This Web site is requesting a new certificate on > your behalf. You should allow only trusted Web sites to request a > certificate for you. Do you want to request a certificate now?" > appears two times, then IE generates a message "The generation of the > request failed". > > I've done some debugging on the script ieCSR.vbs and the problem is > the CreatePKCS10() function that returns nothing, but on the first > call the smartcard reader do something (the LED flips). > > >>you are getting as I don't think this is an OpenCA issue. > > > I think the problem is with XEnroll and options passed to it.
We have seen this if a CSP gets a key size it does not like. The OpenCA VB-Code passes the key size to xenroll. If you have configured a key size that your CSP cannot handle (e.g. 2048 bits for a 1024 bit smartcard), you'll get this behaviour. Juergen
smime.p7s
Description: S/MIME Cryptographic Signature
