Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Unable to access secure site using IE 1
- Thread starter jamkitts
- Start date
what CA did it come from (verisign, UNIX CA, Solaris, etc.)
You are missing the required attributes for Windows...namely, enhanced key usage, certificate template name if possible, ...couple more too
Would haev been opposite had you made the cert on a MS CA to use in netscape...you would've found it working in IE but not in netscape....
netscape (and netscape CAs) uses different certificate attributes than IE...
you must add the required attributes into the cert request....if you can paste your .inf file (blank out the subject and any subject alternative names for your own security).....I'll take a look and adjust it...then you can use certreq to create a new request for submitting to the CA
You will need a new cert though....either a remake of this one if possible (get it in place of this one), or a new cert altogether...your gonna need those attributes
-Brandon Wilson
MCSE00/03, MCSA:Messaging, MCSA03, A+
almost got a paragraph there
You are missing the required attributes for Windows...namely, enhanced key usage, certificate template name if possible, ...couple more too
Would haev been opposite had you made the cert on a MS CA to use in netscape...you would've found it working in IE but not in netscape....
netscape (and netscape CAs) uses different certificate attributes than IE...
you must add the required attributes into the cert request....if you can paste your .inf file (blank out the subject and any subject alternative names for your own security).....I'll take a look and adjust it...then you can use certreq to create a new request for submitting to the CA
You will need a new cert though....either a remake of this one if possible (get it in place of this one), or a new cert altogether...your gonna need those attributes
-Brandon Wilson
MCSE00/03, MCSA:Messaging, MCSA03, A+
almost got a paragraph there
if you are missing enhanced key usage, basic constraints, or any number of other attributes that are NOT given in a cert from a netscape CA (UNIX, Solaris, etc.) unless specifically requested (not to mention the CA must be configured to allow the extensions)anyways, netscape certs come out with attributes like netscape cert type vs. MS's certificate template; netscape certificate use vs. MS's enhanced key usage, etc.
high encryption pack is what, 3 yrs old or so.....if thats not on then the machine probably hasnt ran in that long
the most common item seen is when a cert was requested from a netscape based CA and will not work in IE, or, a cefrt requested from a MS CA will not work in netscape...both are extremely common
if you have you inf I'll fix it for you, as I beleive I mentioend earlier....or at least health check it to be sure all windows requierd attributes are present and correct...
-Brandon Wilson
MCSE00/03, MCSA:Messaging, MCSA03, A+
almost got a paragraph there
high encryption pack is what, 3 yrs old or so.....if thats not on then the machine probably hasnt ran in that long
the most common item seen is when a cert was requested from a netscape based CA and will not work in IE, or, a cefrt requested from a MS CA will not work in netscape...both are extremely common
if you have you inf I'll fix it for you, as I beleive I mentioend earlier....or at least health check it to be sure all windows requierd attributes are present and correct...
-Brandon Wilson
MCSE00/03, MCSA:Messaging, MCSA03, A+
almost got a paragraph there
-
1
- Thread starter
- #6
coolio glad to hear it...
-Brandon Wilson
MCSE00/03, MCSA:Messaging, MCSA03, A+
almost got a paragraph there
-Brandon Wilson
MCSE00/03, MCSA:Messaging, MCSA03, A+
almost got a paragraph there
- Status
Similar threads
- Locked
- Question
- Locked
- Solved
