I am working on an X509 public key certificate authentication project using Java technology.
The client applies for a certificate from the Web interface of the CA. Currently, I only want to consider Internet Explorer.

Question 1: I run Tomcat 4.1.18 on my win2k box as the CA Web server. Do I have to run it in SSL mode in order to handle clients' certificate requests?

I got a sample VBScript code for certificate enrollment from http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/request_sample_in_vbscript.asp , which I paste in the following:

*** beginning of the sample code *****
<HTML>
<HEAD>
<TITLE>VBScript Certificate Enrollment Control Sample
</TITLE>
<OBJECT
    classid="clsid:43F8F289-7A20-11D0-8F06-00C04FC295E1"
    codebase="xenroll.dll"
    id=Enroll >
</OBJECT>
<OBJECT
    classid="clsid:98AFF3F0-5524-11D0-8812-00A0C903B83C"
    codebase="certcli.dll"
    id=Request >
</OBJECT>
<BR>
Certificate Enrollment Control Request Sample
<BR>
<BR>
<SCRIPT language="VBScript">
<!--
' Declare the distinguished name variable.
Dim strDN
' Declare the request variable.
Dim strReq
' Declare a local variable for request disposition.
Dim nDisp

' Enable error handling.
On Error Resume Next

' Declare consts used by CertRequest object.
const CR_IN_BASE64 = &H1
const CR_IN_PKCS10 = &H100

' Build the DN.
strDN = "CN=UserName" _
      & ",OU=UserUnit" _
      & ",O=UserOrg" _
      & ",L=UserCity" _
      & ",S=WA" _
      & ",C=US"

' Attempt to use the control, in this case, to create a PKCS #10.
MsgBox("Creating PKCS #10 " & strDN)
strReq = Enroll.createPKCS10( strDN, "1.3.6.1.4.1.311.2.1.21")

' If above line failed, Err.Number will not be 0.
if ( Err.Number <> 0 ) then
    MsgBox("Error in call to createPKCS10 " & Err.Number)
    err.clear
else
    MsgBox("Submitting request " & strReq)
    nDisp = Request.Submit( CR_IN_BASE64 OR CR_IN_PKCS10, _
                            strReq, _
                            "", _
                            "Machine\CertAuth")
    ' If the preceding line failed, Err.Number will not be 0.
    if ( Err.Number <> 0 ) then
        MsgBox("Error in Request Submit " & Err.Number)
        err.clear
    else
        MsgBox("Submitted certificate; disposition = " & nDisp)
    end if
end if
-->
</SCRIPT>
<BR>
</HEAD>
</HTML>
*** end of the sample code ****

I saved this code as certreq.html under my web application folder. When I visit this page with IE, I get a VBScript pop-up dialog box, which reads:

Creating PKCS #10 CN=UserName, OU=UserUnit, O=UserOrg,L=UserCity, S=WA,C=US

I click OK, then I get another VBScript pop-up dialog box, which reads:

Submitting request
IICdTCCAh8CAQAwldfasldk8425lkasdfasdfADSFASDa/sdfoiuj
aASDFkj9/asldfkadfr98SADkjla0ASDF09rASdfjasdlfkjASDFa
dfoiujlerASDFadfloiwerLKJalkjafoiWERo0lkj934lkasfDlkj
[snip]

It is just a mess of codes. If I click OK, I get a warning pop-up window, which reads:

! An ActiveX Control on this page is not safe. Your current security settings prohibit running unsafe controls on this page. As a result, this page may not display as intended.

And if I click OK, I see another pop-up window, which reads:

Error in Request Submit 438

This is all I get with this certreq.html page. I know there is a big problem with this sample code, because this code does not specify to which servlet the PKCS#10 request should be submitted. I want to specify it, but I have no clue where and how to do this.

Can you guys please help? Thanks a lot!

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                       [EMAIL PROTECTED]
Automated List Manager                          [EMAIL PROTECTED]