Ok, MSIE problem finally solved. It turns out that the various private
keys and certificate requests that I generated before was messing up
MSIE. Clearing the Private Keys, Certificate Requests, and the personal
Certificate entries in the registry solved the problem. MSIE FINALLY
recognizes the client cert. that I signed.
I also tested Steve's suggestion of adding the following line in ssleay
> EVP_add_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
and it works!! Thanks again, Steve.
After searching through the microsoft site, I found some docs on the
Certificate Enrollment Control (xenroll.dll) which some of you might
be interested in:
http://premium.microsoft.com/isapi/devonly/prodinfo/msdnprod/msdnlib.idc?theURL=/msdn/library/sdkdoc/pdwbase/xenrguid_41tg.htm
(if you are not already a MSDN member, you need to register first
before you can access).
Leon
Leon Poon wrote:
>
> Dr. Henson's suggestion did the trick - thanks! I can now signed the certificate
> request with SSLeay.
>
> Unfortunately, my adventure with MSIE is not entirely over. Using
> Martin Ouwehand's script (http://cognac.epfl.ch/SIC/SL/CA/)
> I was able to load the client cert into MSIE, but the stupid browser is NOT
> listing the client cert in its preferences (Internet Options-> Content->
> Certificates, Personal...) even though it shows up in the windows registry
> setting at
> HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\Certificates
>
> What extra steps do I need to make MSIE recognize the client cert?
>
> Leon
>
+-------------------------------------------------------------------------+
| Administrative requests should be sent to [EMAIL PROTECTED] |
| List service provided by Open Software Associates, http://www.osa.com/ |
+-------------------------------------------------------------------------+
