Re: Problems with Mozilla/Netscape PSM JavaScript API

2002-05-15 Thread Ricardo Barroso 

Michael Ströder [EMAIL PROTECTED] wrote in message 
news:[EMAIL PROTECTED]...
 Ricardo Barroso wrote:
  The problem is that the PKCS#10 that generateCRMFRequest() method
  returns
  fails to decode in tha CA - and I know that is not a problem of my CA,
  and
  I've tested that with other CA. If I use the KEYGEN tag to create
  the PKCS#10
  it goes all ok,
 
 1. keygen tag does *not* generate a PKCS#10 request. It's a 
 SPKAC request. That makes a difference!

Do you know if it's usual that CAs support Netscape Signed Public Key
And Challenge (SPKAC)?
What are the main differences betwwen PKCS#10 and SPKAC?

 2. A CRMF request may contain a PKCS#10 request. But it's more 
 than that. Your CA has to handle CMP/CRMF. It might help if you 
 tell us which CA product you're using.

I'm using an Entrust CA 5.1 and I've also used a very good on-line CA
(that I recommend to everyone) to make some tests:

  http://pki.ssh.com:8080/enroll-form-start.html

and the SPKAC generated works well there!

   but despite that, when I try to install the
   certificate issued
   by one CA the importUserCertificates() also fails with and
   returns
   the fail
   code: 0x80004005 (NS_ERROR_FAILURE)...
 
 How are you sure that your CA returns exactly the right response?

Well, isn't it supposed!? I tried it with that 2 differente CAs
mencioned
above... and they work very well with the IE requests.

Do you already have used importUserCertificates() javascript method
with
success?

What I have done to go around that problem, it was to redirect the
browser to a
(.cer or .crt) file with the PKCS#7 certificate and it works fine with
Mozilla
because it automatically asks If I want to install the certificate.

I have also been trying to do that without the need of generate a file
for each
certificate but I wasn't able to do that! 
Maybe If I do a script or cgi in the server side to return that with
the correct
MIME-type it works, but locally I can't do it!

Thanks to all the people who have or are trying to help me...

Best regards,
  Ricardo Barroso


 Ciao, Michael.

Re: Problems with Mozilla/Netscape PSM JavaScript API

2002-05-09 Thread Fabian Guisset 

Ricardo Barroso wrote:
 Hello people!
 
 I'm trying to use the JavaScript API for Mozilla/Netscape PSM to
 generate a certificate request (PKCS#10), send it to a CA, and then
 install the issued certifcate (PKCS#7) into the browser keystore.
 
 I'm using the crypto.generateCRMFRequest() method to create the
 PKCS#10 and
 then the crypto.importUserCertificates() to install the PKCS#7
 certificate
 into the browser keystore.
 
 The problem is that the PKCS#10 that generateCRMFRequest() method
 returns
 fails to decode in tha CA - and I know that is not a problem of my CA,
 and
 I've tested that with other CA. If I use the KEYGEN tag to create
 the PKCS#10
 it goes all ok, but despite that, when I try to install the
 certificate issued
 by one CA the importUserCertificates() also fails with and returns
 the fail
 code: 0x80004005 (NS_ERROR_FAILURE)...
 
 I've done lot of searchs about that and the better and the only API
 that I found is in 
http://docs.iplanet.com/docs/manuals/psm/14/cmcjavascriptapi.html,
 if you know someone better I would be please if you can send me also
 that link.
 
 I found a post from Hong Qiu (that seems to have changed is mail) in
 netscape.public.mozilla.crypto mailing-list
 
http://groups.google.com/groups?q=psm+api+javascripthl=enselm=3AA407F5.BF42811%40certicom.comrnum=1)
 and I seem that is problem was the same!
 
 If anyone knows somthing about that, please provide me some help...
 
 Thanks in advance,
 Ricardo Barroso

Possible bugs that you could be seeing (note that I know nothing about 
the crypto object or its status):
http://bugzilla.mozilla.org/show_bug.cgi?id=81249
http://bugzilla.mozilla.org/show_bug.cgi?id=104103

-Fabian.