Peter Darke wrote:
>
> Hi all,
>
> Here is an interesting one:
>
> I created a cert using pkcs12(0.3).
> I tried to import into MSIE 4.0, it failed.
> (The root cert is installed)
> I successfully imported it into Netscape 4.04, then re-exported it.
> This cert loaded into MSIE4!
>
> What happened?
>

OK it's late here so I could be wrong when I make a quick guess or two.

You could force this behaviour with the -maciter option, I assume you
didn't do that.

Otherwise maybe the CA certificate is considered invalid by Netscape and
MSIE doesn't like it in a PKCS#12 file. This might happen:

1. Import into Netscape: user certificate added, CA not added because it
   is considered invalid.
2. Export from Netscape: no CA certificate exported.
3. Import into MSIE: this time just the user certificate and success!

You can check this by using pkcs12 to pull apart the two files and
seeing what certificates are present. You could also try verifying the
certificate in Netscape to see if it has added the CA certificate.

If that isn't the problem then I'd be interested to know what was
happening myself!

BTW I've recently updated my FAQ to suggest that anyone using MSIE for
PKCS#12 import omit the CA certificate and load that manually first: it
frequently causes trouble even if it is present.

Steve.
--
Dr Stephen N. Henson.
UK based freelance Cryptographic Consultant. For info see homepage.
Homepage: http://www.drh-consultancy.demon.co.uk/
Email: [EMAIL PROTECTED]
PGP key: via homepage.
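
The check suggested in the reply above (pull both PKCS#12 files apart and compare which certificates each one carries), as an added example that is not part of the original message. It assumes each file has been dumped with `openssl pkcs12 -in FILE -nokeys`; the function names and the sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example. Input: text printed by `openssl pkcs12 -in FILE -nokeys`,
# which writes "subject=" and "issuer=" lines ahead of each PEM certificate.

# cert_summary: dump text on stdin -> one "subject|issuer" line per certificate
# (assumes no "|" inside the names).
cert_summary() {
    awk '/^subject=/ { subj = substr($0, 9) }
         /^issuer=/  { print subj "|" substr($0, 8); subj = "" }'
}

# ca_count: dump text on stdin -> number of self-signed certificates
# (subject equals issuer), used here as a heuristic for "root CA present".
ca_count() {
    cert_summary | awk -F'|' '$1 == $2 { n++ } END { print n + 0 }'
}

# missing_from A B: certificates present in dump text A but absent from B.
missing_from() {
    second=$(printf '%s\n' "$2" | cert_summary)
    printf '%s\n' "$1" | cert_summary | while IFS= read -r line; do
        printf '%s\n' "$second" | grep -Fxq -- "$line" || printf '%s\n' "$line"
    done
}

# Constructed sample dumps (placeholders, not real certificates).
USER_CERT='Bag Attributes
    friendlyName: Example User
subject=/C=GB/O=Example Org/CN=Example User
issuer=/C=GB/O=Example Org/CN=Example Root CA
-----BEGIN CERTIFICATE-----
(constructed placeholder)
-----END CERTIFICATE-----'
CA_CERT='Bag Attributes: <No Attributes>
subject=/C=GB/O=Example Org/CN=Example Root CA
issuer=/C=GB/O=Example Org/CN=Example Root CA
-----BEGIN CERTIFICATE-----
(constructed placeholder)
-----END CERTIFICATE-----'
ORIGINAL="$USER_CERT
$CA_CERT"                 # file as first created: user + CA certificate
REEXPORTED="$USER_CERT"   # file after the browser round trip: user only

echo "CA certificates in original:    $(printf '%s\n' "$ORIGINAL" | ca_count)"
echo "CA certificates in re-exported: $(printf '%s\n' "$REEXPORTED" | ca_count)"
echo "Dropped by the round trip:"
missing_from "$ORIGINAL" "$REEXPORTED"
```

With real files, pipe each `openssl pkcs12 -in FILE -nokeys` dump into `ca_count`, or capture both dumps in variables and pass them to `missing_from`.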