Michael Ströder <[EMAIL PROTECTED]> wrote in message news:<[EMAIL PROTECTED]>... > Ricardo Barroso wrote: > > The problem is that the PKCS#10 that "generateCRMFRequest()" method > > returns > > fails to decode in tha CA - and I know that is not a problem of my CA, > > and > > I've tested that with other CA. If I use the <KEYGEN> tag to create > > the PKCS#10 > > it goes all ok, > > 1. <keygen> tag does *not* generate a PKCS#10 request. It's a > SPKAC request. That makes a difference!
Do you know if it's usual that CAs support Netscape Signed Public Key And Challenge (SPKAC)? What are the main differences betwwen PKCS#10 and SPKAC? > 2. A CRMF request may contain a PKCS#10 request. But it's more > than that. Your CA has to handle CMP/CRMF. It might help if you > tell us which CA product you're using. I'm using an Entrust CA 5.1 and I've also used a very good on-line CA (that I recommend to everyone) to make some tests: http://pki.ssh.com:8080/enroll-form-start.html and the SPKAC generated works well there! > > but despite that, when I try to install the > > certificate issued > > by one CA the "importUserCertificates()" also fails with and > > returns > > the fail > > code: 0x80004005 (NS_ERROR_FAILURE)... > > How are you sure that your CA returns exactly the right response? Well, isn't it supposed!? I tried it with that 2 differente CAs mencioned above... and they work very well with the IE requests. Do you already have used "importUserCertificates()" javascript method with success? What I have done to go around that problem, it was to redirect the browser to a (.cer or .crt) file with the PKCS#7 certificate and it works fine with Mozilla because it automatically asks If I want to install the certificate. I have also been trying to do that without the need of generate a file for each certificate but I wasn't able to do that! Maybe If I do a script or cgi in the server side to return that with the correct MIME-type it works, but locally I can't do it! Thanks to all the people who have or are trying to help me... Best regards, Ricardo Barroso > Ciao, Michael.