OK, this is something important to know. So, are you simply assigning the PEM-encoded cert to pkcs7 in the following statement? In other words, nothing is really done to pkcs7ChainBase64 before it is assigned to pkcs7, right?
pkcs7 = result.header.pkcs7ChainBase64 And, the following line: pkcsa7 =< wherever or however you get your cert > also seems to mean that the PEM-encoded cert does not have to be put in the HTTP response header, right? Mark. --- [EMAIL PROTECTED] wrote: > Right > pkcs7 = result.header.pkcs7ChainBase64 > is all native to our installation and how we get the > cert back from the CA > > so you should have > > pkcsa7 =< wherever or however you get your cert > > > > Mark Liu <[EMAIL PROTECTED]> > Sent by: [EMAIL PROTECTED] > 02/27/03 09:25 AM > Please respond to openssl-users > > > To: [EMAIL PROTECTED] > cc: > Subject: Re: Importing PKCS7 > Certificate Into Internet Explorer > > > Thanks a lot, Mark, > > I actually read that MSDN description of acceptPKCS7 > function, which does not say what "result" is. > > Do you mean that "result" is actually a reserved key > word in VBScript that refers to an HTTP response? > > In other words, "result" is not the name of a hidden > HTML form? > > Thanks. > > Mark > > --- [EMAIL PROTECTED] wrote: > > ----- Forwarded by Mark Shoneman/DLX Guest on > > 02/27/03 06:36 AM ----- > > > > > > Mark Liu <[EMAIL PROTECTED]> > > Sent by: [EMAIL PROTECTED] > > 02/26/03 06:07 PM > > Please respond to openssl-users > > > > > > To: [EMAIL PROTECTED] > > cc: > > Subject: Importing PKCS7 > Certificate > > Into Internet Explorer > > > > > > Mr. Mark Shoneman gave a fragment of VBScript code > > to > > import a PKCS7 certificate into Internet Explorer. > > > > The code is pasted below. > > > > I am very dumb at VBScript, and have difficulty > > understanding line 5, i.e., > > > > pkcs7 = result.header.pkcs7ChainBase64 > > > > Question 1: What object is the "result"? > > > > See below > > > > Question 2: Does this line suggest that the PEM > > certificate is returned to the client in the HTTP > > response header? > > > > You bet > > > > Question 3: What is pkcs7ChainBase64? > > > > What I call the PEM certificate returned from the > CA > > > > The acceptPKCS7 method accepts and processes a > PKCS > > #7 message containing a certificate. > > The PKCS #7 is input as a parameter. This method > was > > first defined in the ICEnroll interface. > > HRESULT acceptPKCS7( > > BSTR PKCS7 > > ); > > Parameters > > PKCS7 > > [in] Represents the base64-encoded PKCS #7 > > containing the certificate and > > the chain of certificates identifying the issuer. > > Return Values > > The return value is an HRESULT. A value of S_OK > > indicates success. Upon successful completion of > > this > > function, the PKCS7 will be accepted. > > Remarks > > The PKCS #7 input as a parameter for acceptPKCS7 > > contains the request certificate and the chain of > > certificates > > identifying the issuer of the certificate. > > Typically, but not always, the > > chain of certificates does not include the root. > The > > PKCS #7 can be in > > base64-encoded, binary, or X.509 certificate > format > > (with or without the begin cert / end cert tags). > > The certificate and the associated keys generated > > for it are put in the > > MY store. A root certificate is placed in the ROOT > > store and the rest of the chain of certificates > are > > placed in the certification authority (CA) store. > If > > any ROOT certificates found in the PKCS #7 are > > accepted, > > Crypt32 will notify the user that a ROOT > certificate > > is being added to his > > store. The user has the option of declining the > ROOT > > certificate. This > > option is provided so that the user can decline to > > place an untrusted root > > in the ROOT store. Declining to place the ROOT in > > the ROOT store will not > > cause Certificate Enrollment Control to fail > > acceptance. > > By default, the system stores MY, CA, ROOT, and > > REQUEST are used to store > > the certificates. However, you can specify other > > stores by assigning the > > following properties before calling this method: > > > > > > Please kindly educate me. Thanks a lot. > > > > <MrMarkShoneMan'sVBScriptCode> > > > > 1. Sub ImportCertificate > > > > 2. Dim pkcs7 > > > > 3. On Error Resume Next > > > > 4. 'Convert the PEM cert to PKCS7 format > > 5. pkcs7 = result.header.pkcs7ChainBase64 > > 6. If (IsEmpty(pkcs7) OR theError <> 0) Then > > 7. ret = MsgBox("Could not convert > > certificate > > to PKCS7 format", 0, "Import Cert") > > 8. Exit Sub > > 9. End If > > > > 10. 'Import the PKCS7 object > > 11. Enroll.DeleteRequestCert = FALSE > > 12. Enroll.WriteCertToCSP = true > > 13. Enroll.acceptPKCS7(pkcs7) > > 14. if err.number <> 0 then > > 15. Enroll.WriteCertToCSP = false > > 16. end if > > 17. err.clear > > 18. Enroll.acceptPKCS7(pkcs7) > > 19. if err.number = 0 then > > 20. MsgBox "Certificate has been > successfully > > imported.",0,"Certificate Success" > > 21. else > > 22. sz = "Error in acceptPKCS7. Error Number > " > > & > > Hex(err.number) & "occurred." > > 23. MsgBox sz > > 24. end if > > > > 25. Exit Sub > > > > 26. End Sub > > > > 27. ImportCertificate() > > > > </MrMarkShoneMan'sVBScriptCode> > > > > __________________________________________________ > > Do you Yahoo!? > > Yahoo! Tax Center - forms, calculators, tips, more > > http://taxes.yahoo.com/ > > > ______________________________________________________________________ > > OpenSSL Project > > http://www.openssl.org > > User Support Mailing List > === message truncated === > ATTACHMENT part 2 application/x-pkcs7-signature name=smime.p7s __________________________________________________ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/ ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]