> [...]
> use. The problem is that the list is empty! The exact same list contains
> the installed certificates, when I control it in 'passive' mode so to
> speak.
> In trying to find out the problem I have visited a number of sites, but
> the picture that I get is quite confused. Which versions of Explorer
> support client certificates generated by ssleay? Are there differences
> in language implementations (we're using a Swedish version)?
> In summary, my question has two parts - the specific problem of
> 'disappearing' certificates, and, more importantly, what is the general
> status of Explorer vs certificates?
>
> Any help that you can offer would be greatly appreciated,
>
>
Kenneth,
i think this problem might be caused by those IE/Outlook bugs mentioned in
the excellent document from Stephen Henson.
http://www.drh-consultancy.demon.co.uk/pkcs12faq.html
(i had no problem to import a ca-fixed pkcs12 cert into IE and then
connecting to a secure site that wants cert authentfication).
You should also consider to get a newer version of the enroll ActiveX
control. Clifford himself mentions that his version might be outdated.
Now for the hard part:
I'm just fiddeling with the same problem as you - setting up a 'private mini
CA'. But i'm trying to solve it with the help of PHP and a MySQL db, so i've
better control over the enrollment process. I think there are several people
out there who should be interested in a 'private mini CA', so maybe we could
start a little project out of this.
By the way: Tim Hudson of Cryposoft (mentioned in the SSLeay FAQ) has a
working PERL script for a mini CA that would be a good starting point for
such a project. But despite he is offering the sourcecode when emailed, he
apparently doesn't want to give it out...8-<..
Greetings
Michael
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
