RE: [ssl-users] MSIE4 Certs

Fri, 5 Jun 1998 00:56:09 -0400 

Now why didn't I think of that? :-)

Thats exactly what happened. I had an old root cert in netscape.
I removed the root CA cert from the p12 file, and it worked.

Great, now I just have to automate it...

Many Thanks.

Peter J. Darke
http://www.gpnetwork.net.au - Networking Australian GP's
Ph : 03 63345874


> -----Original Message-----
> From: Dr Stephen Henson [SMTP:[EMAIL PROTECTED]]
> Sent: Friday, June 05, 1998 11:40 AM
> To:   Peter Darke
> Cc:   [EMAIL PROTECTED]
> Subject:      Re: [ssl-users] MSIE4 Certs
> 
> Peter Darke wrote:
> > 
> > Hi all,
> > 
> > Here is an interesting one:
> > 
> > I created a cert using pkcs12(0.3).
> > I tried to import into MSIE 4.0., it failed.
> > (The root cert is installed)
> > I successfully imported it into Netscape 4.04, then re-exported it.
> > This cert loaded into MSIE4!
> > 
> > What happened?
> > 
> 
> OK it's late here so I could be wrong when I make a quick guess or
> two.
> You could force this behaviour with the -maciter option, I assume you
> didn't do that.
> 
> Otherwise maybe the CA certificate is considered invalid by Netscape
> and
> MSIE doesn't like it in a PKCS#12 file. This might happen:
> 
> 1. Import into Netscape: user certificate added, CA not added because
> it
> is considered invalid.
> 2. Export from Netscape: no CA certificate exported.
> 3. Import into MSIE: this time just the user certificate and success!
> 
> You can check this by using pkcs12 to pull apart the two files and
> seeing what certificates are present. You could also try verifying the
> certificte in Netscape to see if it has added the CA certificate.
> 
> If that isn't the problem then I'd be interested to know what was
> happening myself!
> 
> BTW I've recently updated my FAQ to suggest that anyone using MSIE for
> PKCS#12 import omit the CA certificate and load that manually first:
> it
> frequently causes trouble even if it is present.
> 
> Steve.
> -- 
> Dr Stephen N. Henson.
> UK based freelance Cryptographic Consultant. For info see homepage.
> Homepage: http://www.drh-consultancy.demon.co.uk/
> Email: [EMAIL PROTECTED]
> PGP key: via homepage.
> 
+-------------------------------------------------------------------------+
| Administrative requests should be sent to [EMAIL PROTECTED] |
| List service provided by Open Software Associates, http://www.osa.com/  |
+-------------------------------------------------------------------------+

Reply via email to