Re: Installing pfx files ... or not

[Leigh Harrison]

If anyone can shed even a glimmer of light onto the reason for the invisibility of the CA in the following circumstances I'd be immensely grateful. This fails in the same fashion under NS4 and NS6, but the same code using the later toolset build works 100% under NS7.

Regards,

::Leigh
[EMAIL PROTECTED]
 
 

Leigh Harrison wrote:

Some further information that might be useful in edging me towards a solution here.

Checking the chain on the installed certificates, we have

C:\Projects\MyClient\NS utils\NSInstaller\NS4_NT4>certutil -O -n "MyClient Root CA" -d "C:\Program Files\Netscape\Users\leigh_harrison"
"MyClient Root CA" [EMAIL PROTECTED], CN=MyClient Root CA, OU=Certification Services, O=MyClient Limited, L=Auckland, C=NZ]

C:\Projects\MyClient\NS utils\NSInstaller\NS4_NT4>certutil -O -n "MyClient HMSCert CA" -d "C:\Program Files\Netscape\Users\leigh_harrison"
"MyClient Root CA" [EMAIL PROTECTED], CN=MyClient Root CA, OU=Certification Services, O=MyClient Limited, L=Auckland, C=NZ]

  "MyClient HMSCert CA" [EMAIL PROTECTED], CN=MyClient HMSCert CA, OU=Certification Services, O=MyClient Limited, C=NZ]

C:\Projects\MyClient\NS utils\NSInstaller\NS4_NT4>certutil -O -n "privateKey" -d "C:\Program Files\Netscape\Users\leigh_harrison"
"MyClient Root CA" [EMAIL PROTECTED], CN=MyClient Root CA, OU=Certification Services, O=MyClient Limited, L=Auckland, C=NZ]

  "MyClient HMSCert CA" [EMAIL PROTECTED], CN=MyClient HMSCert CA, OU=Certification Services, O=MyClient Limited, C=NZ]

    "privateKey" [EMAIL PROTECTED], CN=User Name, O=Black Coffee Software Ltd, L=Wellington, ST=-, C=NZ]

This all looks wonderfully fine. It would seem that there's a complete chain for the privateKey certificate. Trust settings seem fine too:

C:\Projects\MyClient\NS utils\NSInstaller\NS4_NT4>certutil -L -d "C:\Program Files\Netscape\Users\leigh_harrison"
MyClient Root CA                                             C,C,C
privateKey                                                   u,pu,u
MyClient HMSCert CA                                          C,C,C

C:\Projects\MyClient\NS utils\NSInstaller\NS4_NT4>certutil -K -d "C:\Program Files\Netscape\Users\leigh_harrison" -k "all" -f "maidinnz9.txt"
<0> privateKey
<1> privateKey

Note that I changed the trust settings for the MyClient certificates from "c,c,c," to "C,C,C," because I thought from Nelson Bolyard's comment that they should be this way.

OK. Looking good. Maybe. Well, no.

Because when we fire up the browser, the MyClient certificates verify just fine, but ... privateKey still weighs in with

Verification of the selected certificate failed for the following reasons:

privateKey
     Unable to find Certificate Authority

Aarrggh!. Surely it would be looking in the right place?

Further input appreciated, welcomed, loved and cared for in a good home. Promise.

Regards,

::Leigh Harrison
[EMAIL PROTECTED]