Dr. Henson's suggestion did the trick - thanks! I can now signed the certificate
request with SSLeay.
Unfortunately, my adventure with MSIE is not entirely over. Using
Martin Ouwehand's script (http://cognac.epfl.ch/SIC/SL/CA/)
I was able to load the client cert into MSIE, but the stupid browser is NOT
listing the client cert in its preferences (Internet Options-> Content->
Certificates, Personal...) even though it shows up in the windows registry
setting at
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\Certificates
What extra steps do I need to make MSIE recognize the client cert?
Leon
Dr Stephen Henson wrote:
>
> Leon Poon wrote:
> >
> >
> > Note that the Signature Algorithm is UNKNOWN.
> > I don't have the latest MSIE 4.01 either; could that be part of the
> > problem?
> >
> > Any ideas or suggestions would be greatly appreciated.
>
> This is the problem with SSLeay not recognising the PKIX
> sha1withRSAEncryption OID. The object is now in 0.9.0 but isn't
> apparently recognised yet.
>
> Quick fix is to use MD5 for the digest algorithm. E.g. with
>
> Icontrol.HashAlgorithm = "MD5"
>
> in the enrollment script.
>
+-------------------------------------------------------------------------+
| Administrative requests should be sent to [EMAIL PROTECTED] |
| List service provided by Open Software Associates, http://www.osa.com/ |
+-------------------------------------------------------------------------+
