Hello everybody, THE SOLUTION IS HERE! Microsoft support finally found where is the problem. See what they wrote: -- ...I guess, that the extension "keyUsage" should no more be used, but the "Enhanced Key Usage". When looking to the blog-article, I see that key usage has been commented out, and that "Enhanced Key Usage" is referred the lines above:
-- snip from Blog -- // 1.3.6.1.5.5.7.3.2 Oid - Extension objObjectId.InitializeFromValue("1.3.6.1.5.5.7.3.2"); objObjectIds.Add(objObjectId); objX509ExtensionEnhancedKeyUsage.InitializeEncode(objObjectIds); objRequest.X509Extensions.Add(objX509ExtensionEnhancedKeyUsage); // 1.3.6.1.5.5.7.3.3 Oid - Extension //objExtensionTemplate.InitializeEncode("1.3.6.1.5.5.7.3.3"); //objRequest.X509Extensions.Add(objExtensionTemplate); --- snip --- The modified ieVistaCSR.js has only commented out the key usage so the exception is no more thrown. Enhanced Key Usage may be integrated into the ieVistaCSR.js in order to provide the needed functionality. .... ... I really think, that we should provide the working scenario from the following blog-entry to the customer: http://blogs.msdn.com/b/alejacma/archive/2009/05/27/how-to-create-a-certificate-request-that-uses-key-archival-with-certenroll-javascript.aspx In the end - the sample demonstrates, that it is possible to generate the request even with Windows Vista SP2 or Windows 7 correctly. I also got the sample from the customer working with Windows Vista RTM, but I also observed that in that environment the CertenrollCtrl.exe is not executed. In addition this executable even does not exist on Windows Vista RTM. This means that the design of enrollment has been changed between Vista RTM and Vista SP1 - obviously too much for the given sample. I encourage the customer, that he gets in contact with the vendor (OpenCA), so they can have a look to the sample from the blog above and to sort out the difference between working and non-working scenarios. -- Well, I used the patched ieVistaCSR.js and it works! The request is generated and certificate is all right, both KeyUsage and ExtendedKeyUsage fields are filled in. The file is attached to this post. Tom ---------------------------------------------------------------------- tomaaak wrote: > > Hi Pablo, > > I work on this with Microsoft support; they are trying to find where the > problem is. Clearly there is some difference between Vista and Win7 in > crypto-functions interface. If we find the difference, we can reprogramm > OpenCA. > > BUT.. yesterday i installed Vista to run some debug and found out that > it even does not work there!!! The same error as in Win7!! > I stil have a hope :-) ... Vista had Service Pack 1, so I will now > install new clean install without SP1 and try once more. > > Best regards > > Tomas > > -----Original Message----- > From: pablo [mailto:pablo_0...@hotmail.com] > Sent: Tuesday, April 05, 2011 11:17 PM > To: openca-users@lists.sourceforge.net > Subject: Re: [Openca-Users] Certificate request from Windows 7 and > InternetExplorer 8 > > > Hi tomas?? > > Have you find a solution? Because I am searching on the web but I cant > find > anything. > > Best regards! > > Pablo > > > ------------------------------------------------------- > http://old.nabble.com/file/p32761348/ieVistaCSR.js ieVistaCSR.js -- View this message in context: http://old.nabble.com/Certificate-request-from-Windows-7-and-Internet-Explorer-8-tp31122889p32761348.html Sent from the openca-users mailing list archive at Nabble.com. ------------------------------------------------------------------------------ RSA® Conference 2012 Save $700 by Nov 18 Register now! http://p.sf.net/sfu/rsa-sfdev2dev1 _______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users