Michael Ströder [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
Ricardo Barroso wrote:
The problem is that the PKCS#10 that generateCRMFRequest() method
returns
fails to decode in tha CA - and I know that is not a problem of my CA,
and
I've tested that with other CA. If I use the KEYGEN tag to create
the PKCS#10
it goes all ok,
1. keygen tag does *not* generate a PKCS#10 request. It's a
SPKAC request. That makes a difference!
Do you know if it's usual that CAs support Netscape Signed Public Key
And Challenge (SPKAC)?
What are the main differences betwwen PKCS#10 and SPKAC?
2. A CRMF request may contain a PKCS#10 request. But it's more
than that. Your CA has to handle CMP/CRMF. It might help if you
tell us which CA product you're using.
I'm using an Entrust CA 5.1 and I've also used a very good on-line CA
(that I recommend to everyone) to make some tests:
http://pki.ssh.com:8080/enroll-form-start.html
and the SPKAC generated works well there!
but despite that, when I try to install the
certificate issued
by one CA the importUserCertificates() also fails with and
returns
the fail
code: 0x80004005 (NS_ERROR_FAILURE)...
How are you sure that your CA returns exactly the right response?
Well, isn't it supposed!? I tried it with that 2 differente CAs
mencioned
above... and they work very well with the IE requests.
Do you already have used importUserCertificates() javascript method
with
success?
What I have done to go around that problem, it was to redirect the
browser to a
(.cer or .crt) file with the PKCS#7 certificate and it works fine with
Mozilla
because it automatically asks If I want to install the certificate.
I have also been trying to do that without the need of generate a file
for each
certificate but I wasn't able to do that!
Maybe If I do a script or cgi in the server side to return that with
the correct
MIME-type it works, but locally I can't do it!
Thanks to all the people who have or are trying to help me...
Best regards,
Ricardo Barroso
Ciao, Michael.