It's actually relatively easy to pull certificates out of the NT registry.
It requires IE4.0 or 5.0 (5.0 works better), but here are the steps:
1) Go to Settings | Control Panel | Internet.
2) Click Content.
3) Under 'Certificates', click the Certificates button.
4) In the window that pops up, click on 'Intermediate Certification
Authorities'.
You should be able to then click on the appropriate certificate, and
Export.
(If you do not know the name of the SGC Intermediate Authority that you
need to be using, you can put the SGC certificate that you received from
VeriSign on an NT/IIS server, install the sgcinst.exe, and then connect to
that server in secure mode from MSIE. This should allow you to
double-click the lock icon, select the certificate that you don't have [in
the 'certification chain' window, click on it, and then click 'View
Certificate'], and export it to a file. [This is done under the Details
tab, and Copy to File.])
Hope this helps. (I believe it gets exported in standard .der format, but
I could be mistaken.)
---
Mat Butler, Winged Wolf <[EMAIL PROTECTED]>
SPASTIC Web Engineer SPASTIC Server Administrator
----Begin FurryCode v1.3----
FCWw5amrsw A- C+ D H+++ M+++++[servercoder] P+ R++ T+++ W Z++ Sm++
RLCT/M*/LW* a cl/u/v++++>+++++ !d e- f>++++ h++ iwf+++ j p->+ sm++
----End FurryCode v1.3----
On Wed, 12 Apr 2000, Francesco D'Inzeo wrote:
> As seen in subject a collegue of mine requested a Global ID
> certificate from Verisign for Microsoft IIS, but we need to
> use it with Apache + ModSSL + PHP on Win NT 4.0.
>
> When we received the Verisign mail with the certificate I
> thaught it was the same for Apache and I tried to install
> it, but Apache+ModSSL complained it was a wrong certificate.
> Investigating further on the Verisign Web site, they say that
> for IIS to work fine I have to download a microsoft piece of
> software "sgcinst.exe".
>
> I downloaded it and I run it against the certificate Verisign
> sent to us by e-mail.
>
> the sintax for that utility is :
>
> USAGE: sgcinst [-?] [-v] [-c] [-i] [-r] [-o outputfile] inputfile
>
> Invalid Parameter: Input filename required.
>
> -? This help message
> -v Verbose output
> -c Confirm - check to see if intermediate certificates were installed
> -i Install intermediate certificate - requires Administrator privileges
> -r File contains root certificate, ignore it
> -o Name of server certificate to install with IIS' key manager
>
> This tool does two things:
>
> Install the intermediate certificates necessary for SGC to work properly
> on a server. The intermediate certificates MUST be installed on EVERY
> server.
>
> Parse out the server certificate that the IIS' key manager needs to install.
>
> sgcinst: Failed while processing parameters
>
> so I issued the following command
>
> sgcinst -v -i -o server.crt verisign.crt
>
> where
> verisign.crt is the e-mailed certificate
> server.crt is the output certificate
>
> I installed this generated certificate and everithing works fine except
> for :
>
> The CA that signed the certificate is not on the browsers list so browsers
> (Netscape and IE) complain that they cannot recognize the CA.
>
> I found that when I started the "sgcinst.exe" program it added something
> on the Win NT registry, and it seems to be a new entry for the list of
> CA which in my case is :
>
> Issuer: O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign International
>Server CA - Class 3,
> OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
>
> The question is:
>
> Is there a mode of extracting the information about CA from the verisign.crt
> or even from the registry to put it in the ca-bundle.crt ?
>
> Any advice will be very appreciated.
>
>
> -------------------------------------------------------------------
> "On a day not different than the one now dawning, Leonardo drew the
> first strokes of the Mona Lisa, Shakespeare wrote the first words
> of Hamlet, and Beethoven began work on his Ninth Symphony."
> And Windows98 Crashed!
> -------------------------------------------------------------------
> Francesco D'Inzeo
> WinTech S.r.l.
> Via Lisbona 7
> 35127 PADOVA (Italy)
> Tel. (+39)-(0)49-8703033
> Fax. (+39)-(0)49-8703045
> e-mail [EMAIL PROTECTED]
>
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
