Hello everybody,

THE SOLUTION IS HERE!
Microsoft support finally found where the problem is. See what they wrote:
--
...I guess that the extension "keyUsage" should no longer be used, but
rather the "Enhanced Key Usage".
When looking at the blog article, I see that key usage has been commented
out, and that "Enhanced Key Usage" is referred to in the lines above:

-- snip from Blog  -- 
        // 1.3.6.1.5.5.7.3.2 Oid - Extension
        objObjectId.InitializeFromValue("1.3.6.1.5.5.7.3.2");
        objObjectIds.Add(objObjectId);
        objX509ExtensionEnhancedKeyUsage.InitializeEncode(objObjectIds);
        objRequest.X509Extensions.Add(objX509ExtensionEnhancedKeyUsage);

        // 1.3.6.1.5.5.7.3.3 Oid - Extension
        //objExtensionTemplate.InitializeEncode("1.3.6.1.5.5.7.3.3");
        //objRequest.X509Extensions.Add(objExtensionTemplate);
--- snip ---

The modified ieVistaCSR.js has only commented out the key usage, so the
exception is no longer thrown.

Enhanced Key Usage may be integrated into the ieVistaCSR.js in order to
provide the needed functionality.

.... ...
I really think that we should provide the working scenario from the
following blog entry to the customer:

http://blogs.msdn.com/b/alejacma/archive/2009/05/27/how-to-create-a-certificate-request-that-uses-key-archival-with-certenroll-javascript.aspx

In the end, the sample demonstrates that it is possible to generate the
request correctly even with Windows Vista SP2 or Windows 7.
I also got the sample from the customer working with Windows Vista RTM, but
I also observed that in that environment CertenrollCtrl.exe is not
executed.
In addition, this executable does not even exist on Windows Vista RTM. This
means that the design of enrollment has been changed between Vista RTM and
Vista SP1 - obviously too much for the given sample.

I encourage the customer to get in contact with the vendor (OpenCA),
so they can have a look at the sample from the blog above and sort out
the difference between working and non-working scenarios.

--

Well, I used the patched ieVistaCSR.js and it works! The request is
generated and the certificate is all right; both the KeyUsage and
ExtendedKeyUsage fields are filled in.
The file is attached to this post.

Tom




----------------------------------------------------------------------

tomaaak wrote:
> 
> Hi Pablo,
> 
> I am working on this with Microsoft support; they are trying to find
> where the problem is. Clearly there is some difference between Vista and
> Win7 in the crypto-functions interface. If we find the difference, we can
> reprogram OpenCA.
> 
> BUT.. yesterday I installed Vista to run some debugging and found out
> that it does not even work there!!! The same error as in Win7!!
> I still have hope :-) ... Vista had Service Pack 1, so I will now
> do a new clean install without SP1 and try once more.
> 
> Best regards
> 
> Tomas
> 
> -----Original Message-----
> From: pablo [mailto:pablo_0...@hotmail.com] 
> Sent: Tuesday, April 05, 2011 11:17 PM
> To: openca-users@lists.sourceforge.net
> Subject: Re: [Openca-Users] Certificate request from Windows 7 and
> InternetExplorer 8
> 
> 
> Hi Tomas??
> 
> Have you found a solution? Because I am searching on the web but I can't
> find anything.
> 
> Best regards!
> 
> Pablo
> 
> 
> -------------------------------------------------------
> 
http://old.nabble.com/file/p32761348/ieVistaCSR.js ieVistaCSR.js 