OK, this is something important to know.
So, are you simply assigning the PEM-encoded cert to
pkcs7 in the following statement? In other words,
nothing is really done to pkcs7ChainBase64 before it
is assigned to pkcs7, right?
pkcs7 = result.header.pkcs7ChainBase64
And, the following line:
pkcsa7 =< wherever or however you get your cert >
also seems to mean that the PEM-encoded cert does not
have to be put in the HTTP response header, right?
Mark.
--- [EMAIL PROTECTED] wrote:
> Right
> pkcs7 = result.header.pkcs7ChainBase64
> is all native to our installation and how we get the
> cert back from the CA
>
> so you should have
>
> pkcsa7 =< wherever or however you get your cert >
>
>
> Mark Liu <[EMAIL PROTECTED]>
> Sent by: [EMAIL PROTECTED]
> 02/27/03 09:25 AM
> Please respond to openssl-users
>
>
> To: [EMAIL PROTECTED]
> cc:
> Subject: Re: Importing PKCS7
> Certificate Into Internet Explorer
>
>
> Thanks a lot, Mark,
>
> I actually read that MSDN description of acceptPKCS7
> function, which does not say what "result" is.
>
> Do you mean that "result" is actually a reserved key
> word in VBScript that refers to an HTTP response?
>
> In other words, "result" is not the name of a hidden
> HTML form?
>
> Thanks.
>
> Mark
>
> --- [EMAIL PROTECTED] wrote:
> > ----- Forwarded by Mark Shoneman/DLX Guest on
> > 02/27/03 06:36 AM -----
> >
> >
> > Mark Liu <[EMAIL PROTECTED]>
> > Sent by: [EMAIL PROTECTED]
> > 02/26/03 06:07 PM
> > Please respond to openssl-users
> >
> >
> > To: [EMAIL PROTECTED]
> > cc:
> > Subject: Importing PKCS7
> Certificate
> > Into Internet Explorer
> >
> >
> > Mr. Mark Shoneman gave a fragment of VBScript code
> > to
> > import a PKCS7 certificate into Internet Explorer.
> >
> > The code is pasted below.
> >
> > I am very dumb at VBScript, and have difficulty
> > understanding line 5, i.e.,
> >
> > pkcs7 = result.header.pkcs7ChainBase64
> >
> > Question 1: What object is the "result"?
> >
> > See below
> >
> > Question 2: Does this line suggest that the PEM
> > certificate is returned to the client in the HTTP
> > response header?
> >
> > You bet
> >
> > Question 3: What is pkcs7ChainBase64?
> >
> > What I call the PEM certificate returned from the
> CA
> >
> > The acceptPKCS7 method accepts and processes a
> PKCS
> > #7 message containing a certificate.
> > The PKCS #7 is input as a parameter. This method
> was
> > first defined in the ICEnroll interface.
> > HRESULT acceptPKCS7(
> > BSTR PKCS7
> > );
> > Parameters
> > PKCS7
> > [in] Represents the base64-encoded PKCS #7
> > containing the certificate and
> > the chain of certificates identifying the issuer.
> > Return Values
> > The return value is an HRESULT. A value of S_OK
> > indicates success. Upon successful completion of
> > this
> > function, the PKCS7 will be accepted.
> > Remarks
> > The PKCS #7 input as a parameter for acceptPKCS7
> > contains the request certificate and the chain of
> > certificates
> > identifying the issuer of the certificate.
> > Typically, but not always, the
> > chain of certificates does not include the root.
> The
> > PKCS #7 can be in
> > base64-encoded, binary, or X.509 certificate
> format
> > (with or without the begin cert / end cert tags).
> > The certificate and the associated keys generated
> > for it are put in the
> > MY store. A root certificate is placed in the ROOT
> > store and the rest of the chain of certificates
> are
> > placed in the certification authority (CA) store.
> If
> > any ROOT certificates found in the PKCS #7 are
> > accepted,
> > Crypt32 will notify the user that a ROOT
> certificate
> > is being added to his
> > store. The user has the option of declining the
> ROOT
> > certificate. This
> > option is provided so that the user can decline to
> > place an untrusted root
> > in the ROOT store. Declining to place the ROOT in
> > the ROOT store will not
> > cause Certificate Enrollment Control to fail
> > acceptance.
> > By default, the system stores MY, CA, ROOT, and
> > REQUEST are used to store
> > the certificates. However, you can specify other
> > stores by assigning the
> > following properties before calling this method:
> >
> >
> > Please kindly educate me. Thanks a lot.
> >
> > <MrMarkShoneMan'sVBScriptCode>
> >
> > 1. Sub ImportCertificate
> >
> > 2. Dim pkcs7
> >
> > 3. On Error Resume Next
> >
> > 4. 'Convert the PEM cert to PKCS7 format
> > 5. pkcs7 = result.header.pkcs7ChainBase64
> > 6. If (IsEmpty(pkcs7) OR theError <> 0) Then
> > 7. ret = MsgBox("Could not convert
> > certificate
> > to PKCS7 format", 0, "Import Cert")
> > 8. Exit Sub
> > 9. End If
> >
> > 10. 'Import the PKCS7 object
> > 11. Enroll.DeleteRequestCert = FALSE
> > 12. Enroll.WriteCertToCSP = true
> > 13. Enroll.acceptPKCS7(pkcs7)
> > 14. if err.number <> 0 then
> > 15. Enroll.WriteCertToCSP = false
> > 16. end if
> > 17. err.clear
> > 18. Enroll.acceptPKCS7(pkcs7)
> > 19. if err.number = 0 then
> > 20. MsgBox "Certificate has been
> successfully
> > imported.",0,"Certificate Success"
> > 21. else
> > 22. sz = "Error in acceptPKCS7. Error Number
> "
> > &
> > Hex(err.number) & "occurred."
> > 23. MsgBox sz
> > 24. end if
> >
> > 25. Exit Sub
> >
> > 26. End Sub
> >
> > 27. ImportCertificate()
> >
> > </MrMarkShoneMan'sVBScriptCode>
> >
> > __________________________________________________
> > Do you Yahoo!?
> > Yahoo! Tax Center - forms, calculators, tips, more
> > http://taxes.yahoo.com/
> >
>
______________________________________________________________________
> > OpenSSL Project
> > http://www.openssl.org
> > User Support Mailing List
>
=== message truncated ===
> ATTACHMENT part 2 application/x-pkcs7-signature
name=smime.p7s
__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, more
http://taxes.yahoo.com/
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
