use openca-0.9.1 rc5 or higher. there are scripts containing new ActiveX
calls because of the M$ patch for CryptoAPI in MSIE, so the old scripts
do not work. or you can use the scripts i've attached for your
convenience. the scripts are located in:
$openca_dir/lib/servers/pub/sheets/
martin lizner
www.anect.com
czech rep.
On Sun, 23 Feb 2003, Kevin Metz wrote:
> I looked in the archives and found something close but not my exact
> problem.
>
> When I go and try to request a certificate and click on the
> 'auto-detect' I go through the first step of putting in all the
> information. And then I get the confirmation page, and I get the
> 'Default' cryptographic device (I've selected 1024 as the key size). When
> I click on the 'Continue' button at the bottom of the page, I get
> nothing. I can't find anything in the error logs either. Now, I'm able
> to request a certificate using Netscape and it works. But I'm really
> hoping to get it working with Internet Explorer as well.
>
> Any information or suggestions would be greatly appreciated!
>
> Kevin
>
<html>
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-2">
<META NAME="Author" CONTENT="Anect a.s.">
<!-- original Author is Bahaaldin Naji AlAmood (Bahaaldin Naji Al-Amood) [EMAIL
PROTECTED] -->
<title>Instalace certifikátu pro Microsoft Internet Explorer</title>
<!-- Use the Microsoft ActiveX control to install the certificate -->
<object
classid="clsid:43f8f289-7a20-11d0-8f06-00c04fc295e1"
codebase=xenroll.dll
id=certHelperOld>
</object>
<object
classid= "clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
codebase=xenroll.dll
id=certHelperNew>
</object>
<script language="jscript">
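function InstallCertIE (cert)
{
    // Install a PKCS#7 certificate blob into the browser's certificate store
    // through the XEnroll ActiveX control. The pre-MS02-048 control
    // (certHelperOld) is tried first, then the patched one (certHelperNew),
    // because only one of the two <object> tags instantiates on a given
    // Internet Explorer build.
    // cert: PKCS#7 data as a string, substituted by the server template.
    // Returns true on success, false otherwise; the outcome is also written
    // into the "result" anchor for the user.
    if (cert == null || cert == "") {
        document.all.result.innerText = "Certifikát nenalezen!";
        return false;
    }
    try {
        certHelperOld.acceptPKCS7(cert);
    }
    catch (errOld) {
        // Old control not available or refused the blob: retry with the new one.
        try {
            certHelperNew.acceptPKCS7(cert);
        }
        catch (errNew) {
            // The original message was split across two lines, which is an
            // unterminated string literal in JScript; it is one line here.
            document.all.result.innerText = "Chyba instalace! Certifikát je buď již nainstalován, nebo nemáte příslušný privátní klíč, nebo certifikát není v databázi.";
            return false;
        }
    }
    document.all.result.innerText = "Certifikát byl úspěšně nainstalován.";
    return true;
}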
</script>
</head>
<body class="Zpět" onLoad="InstallCert$browser('$certpk7');" text="#000000"
bgcolor="#FFFFFF" link="#009900" vlink="#009900" alink="#009900">
<center><table BORDER=0 CELLSPACING=5 CELLPADDING=10 COLS=1 WIDTH="70%" NOSAVE >
<tr NOSAVE>
<td NOSAVE>
<center><b><font face="Arial,Helvetica"><font color="#009900"><font size=+2>
Instalace certifikátu pro MS Internet Explorer
</font></font></font></b>
<p>
<hr WIDTH="100%">
</center>
<p>
<center><table BORDER=0 CELLSPACING=0 CELLPADDING=15 COLS=1 WIDTH="90%"
BGCOLOR="#E0E0FA" NOSAVE >
<tr>
<td>
<center>
<br>
<a class="normal" name="result">Instaluji certifikát...</a>
</center>
<p>
<p>
<center><a href="/pub" target="_top">Zpět</a> na hlavní nabídku PKI</center>
<br>
</td>
</tr>
</table></center>
<br>
<hr WIDTH="100%">
<center><font size=-2>(C) 2002 Kooperativa, pojišťovna, a. s., Anect a.s.,
OpenCA Group</font></center>
</td>
</tr>
</table></center>
</body>
</html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-2">
<META NAME="Author" CONTENT="Anect a.s.">
<META NAME="GENERATOR" CONTENT="vi">
<TITLE>Potvrzení údajů</TITLE>
<object
classid="clsid:43f8f289-7a20-11d0-8f06-00c04fc295e1"
codebase=xenroll.dll
id=certHelperOld>
</object>
<object
classid= "clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
codebase=xenroll.dll
id=certHelperNew>
</object>
<SCRIPT LANGUAGE="VBScript">
' Shared constants for the enrollment routines below: the CryptoAPI
' provider type handed to XEnroll, and the two markers getXEnroll returns
' to say which of the <object> controls instantiated.
dim PROV_RSA_FULL, OLD_XENROLL, NEW_XENROLL
PROV_RSA_FULL = 1   ' CryptoAPI PROV_RSA_FULL provider type
OLD_XENROLL = 0     ' certHelperOld (pre-MS02-048 control) is usable
NEW_XENROLL = 1     ' certHelperNew (patched control) is usable
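Function getXEnroll
    ' Detect which XEnroll control instantiated in this browser by probing a
    ' harmless property (MyStoreName) on each <object>. Returns OLD_XENROLL
    ' when the pre-MS02-048 control answers, NEW_XENROLL when the patched one
    ' does, and Empty when neither is available. Callers compare the result
    ' with "= OLD_XENROLL"; Empty compares equal to 0 in VBScript, so a
    ' browser with no control at all is routed to the old-control branch and
    ' fails there with a suppressed error.
    dim tester
    On Error Resume Next
    tester = certHelperOld.MyStoreName
    if Len(tester) > 0 then
        getXEnroll = OLD_XENROLL
        ' The original diagnostic was wrapped onto a second, uncommented line,
        ' which is a syntax error in VBScript; kept here on one line.
        ' MsgBox ("You are using an old Internet Explorer with a security bug in XEnroll.dll (MS02-48).")
    else
        tester = certHelperNew.MyStoreName
        if Len(tester) > 0 then
            getXEnroll = NEW_XENROLL
            ' MsgBox ("You are using patched Internet Explorer.")
        end if
    end if
End Function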
Function getComma (dn)
    ' Separator to place in front of an existing DN fragment: ", " when dn is
    ' non-empty, "" otherwise, so the first component gets no leading comma.
    getComma = ""
    if Len(dn) > 0 then getComma = ", "
End Function
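function correctField ( field, desc )
    ' True when field is a form element whose NAME equals desc.
    ' field: a form element object (from theForm.elements), or Nothing.
    ' desc:  the expected element name, e.g. "1.ou".
    ' The original tested "field = null": comparing against the Null
    ' variant never yields True, so the guard was ineffective. The object
    ' null in VBScript is "Nothing", tested with "Is"; a non-object value is
    ' rejected first so "Is" cannot itself raise an error.
    correctField = false
    if not IsObject(field) then exit function
    if field Is Nothing then exit function
    if field.name <> desc then exit function
    correctField = true
end function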
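function checkField ( field )
    ' True when the element carries a non-empty value; otherwise tell the
    ' user which field is missing and return false.
    ' field: a form element object with .name and .value.
    if Len(field.value) = 0 then
        ' The original message was wrapped across two lines without a "_"
        ' continuation, which is a syntax error in VBScript; one line here.
        MsgBox (field.name & " has the value " & field.value & " but it must be filled.")
        checkField = false
        exit function
    end if
    checkField = true
end function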
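Sub GenReq (ouNum)
    ' Build the subject DN from the hidden GenReqForm fields, generate a key
    ' pair and a PKCS#10 request in the selected CSP through XEnroll, store
    ' the request in GenReqForm.request and submit the form.
    ' ouNum: number of hidden "<n>.ou" fields emitted by the request CGI.
    ' Every ActiveX error is suppressed by On Error Resume Next, so failure
    ' is only detectable through an empty request string.
    dim theForm
    dim szName
    dim sz10
    dim xenroll
    dim cspName
    dim ctl
    dim i, elem, ouInput, e
    On Error Resume Next
    set theForm = document.GenReqForm
    xenroll = getXEnroll
    if xenroll = OLD_XENROLL then
        set ctl = certHelperOld
    else
        set ctl = certHelperNew
    end if

    ' Cryptographic service provider picked in the <select>; "" selects the
    ' control's default provider.
    cspName = theForm.csp.options(theForm.csp.selectedIndex).value
    ctl.ProviderName = cspName
    if Len(cspName) > 0 then
        ' The original split this concatenation across two lines without a
        ' "_" continuation (a VBScript syntax error); one line here.
        MsgBox ("Bylo zvoleno kryptografické úložiště: " & ctl.ProviderName)
    else
        MsgBox ("Bylo zvoleno defaultní kryptografické úložiště.")
    end if

    ' The DN is assembled innermost-first (E, CN, OU..., O, C) so the final
    ' string reads "C=.., O=.., OU=.., CN=.., E=..".
    ' WARNING (original author): Microsoft documents suggest RFC 2253 DNs,
    ' but they do the same like OpenSSL.
    szName = "E=" & theForm.emailAddress.value
    szName = "CN=" & theForm.first_name.value & " " & theForm.last_name.value & getComma(szName) & szName
    for i = 1 to ouNum
        ouInput = i & ".ou"
        ' form.elements is zero-based; the original ran 1..length, skipping
        ' the first element and reading one past the end.
        for elem = 0 to theForm.length - 1
            set e = theForm.elements(elem)
            if correctField(e, ouInput) then
                if checkField(e) then
                    szName = "OU=" & e.value & getComma(szName) & szName
                else
                    exit sub
                end if
            end if
        next
    next
    if Len(theForm.org.value) > 0 then
        szName = "O=" & theForm.org.value & ", " & szName
    end if
    szName = "C=" & theForm.country.value & ", " & szName
    ' Msgbox ("DN is " & szName)

    ' GenKeyFlags layout (original author's notes, kept in comment form —
    ' one of them had wrapped onto an uncommented line):
    '   upper 16 bits = key length: 0x0400 => 1024 bit
    '   0x00000001 CRYPT_EXPORTABLE   (private key may leave the CSP)
    '   0x00000002 CRYPT_USER_PROTECTED
    '   0x04000003 = 67108867   (used first)
    '   0x0200 in the upper half works for some export-restricted browsers
    '   (512 bit): 0x02000003 = 33554435
    '   0x04000002 = 67108866   (retry without CRYPT_EXPORTABLE)
    sz10 = makePKCS10(ctl, szName, 67108867)
    if Len(sz10) = 0 then
        ' Retry with a non-exportable key. The original passed the empty
        ' "dn" variable instead of szName here and then tested
        ' theForm.asn1, which is not a field of GenReqForm, so the retry
        ' could not produce a usable request.
        sz10 = makePKCS10(ctl, szName, 67108866)
        if Len(sz10) = 0 then
            MsgBox ("Vygenerování žádosti se nezdařilo!")
            Exit Sub
        end if
    end if
    theForm.request.value = sz10
    'msgbox (theForm.request.value)
    msgbox ("Vaše klíče i žádost byly úspěšně vygenerovány.")
    theForm.submit
End Sub

Function makePKCS10 (ctl, subject, flags)
    ' Configure the given XEnroll control and return the PKCS#10 request for
    ' subject, or "" when the control raised an error (errors are suppressed
    ' so the caller can retry with different GenKeyFlags).
    ' ctl:     certHelperOld or certHelperNew
    ' subject: DN string as built by GenReq
    ' flags:   GenKeyFlags value (key length in the upper 16 bits plus
    '          CRYPT_* bits)
    On Error Resume Next
    makePKCS10 = ""
    ctl.providerType = PROV_RSA_FULL
    ctl.HashAlgorithm = "SHA1"
    ctl.KeySpec = 1
    ctl.GenKeyFlags = flags
    ' Second argument is the usage OID the original passed unchanged.
    makePKCS10 = ctl.CreatePKCS10(subject, "1.3.6.1.4.1.311.2.1.21")
End Function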
</SCRIPT>
<SCRIPT LANGUAGE="VBScript">
sub enumCSP
    ' Fill the "csp" <select> with every provider the active XEnroll control
    ' enumerates, asking for index 0, 1, 2, ... until an empty name comes
    ' back. The pre-selected entry stays the "Default" option at index 0.
    dim idx
    dim provName
    dim opt
    dim which
    On Error Resume Next
    which = getXEnroll
    idx = 0
    document.GenReqForm.csp.selectedIndex = 0
    do
        provName = ""
        if which = OLD_XENROLL then
            provName = certHelperOld.enumProviders(idx, 0)
        else
            provName = certHelperNew.enumProviders(idx, 0)
        end if
        if Len(provName) = 0 then exit do
        set opt = document.createElement("OPTION")
        opt.text = provName
        opt.value = provName
        document.GenReqForm.csp.add(opt)
        idx = idx + 1
    loop
end sub
</SCRIPT>
</HEAD>
<body text="#000000" bgcolor="#FFFFFF" link="#009900" vlink="#009900" alink="#009900"
ONLOAD="enumCSP()">
<CENTER><TABLE BORDER=0 CELLSPACING=5 CELLPADDING=5 COLS=1 WIDTH="70%" >
<TR>
<TD>
<center><b><font face="Arial,Helvetica"><font color="#009900"><font size=+2>
Potvrzení údajů
</font></font></font></b>
<p>
<hr WIDTH="100%">
</TD>
</TR>
<TR>
<TD>
<CENTER><TABLE BORDER=0 CELLSPACING=5 CELLPADDING=5 COLS=1 WIDTH="70%"
BGCOLOR="#E0E0FA" >
<TR>
<TD><BR>
<UL>
<LI>
Zkontrolujte prosím, zda údaje souhlasí a zda byly vloženy bez diakritiky, tedy
bez háčků a čárek:</LI>
</UL>
<CENTER><TABLE BORDER=0 CELLSPACING=2 CELLPADDING=2 WIDTH="90%" >
<TR VALIGN=CENTER>
<TD BGCOLOR="#FFFFFF" WIDTH="40%" ALIGN=RIGHT ><B>Jméno</B></TD>
<TD BGCOLOR="#FFFFFF" WIDTH="60%" ALIGN=LEFT >@FIRST_NAME@</TD>
</TR>
<TR BGCOLOR="#FFFFFF" VALIGN=CENTER>
<TD ALIGN=RIGHT WIDTH="40%" ><B>Příjmení</B></TD>
<TD ALIGN=LEFT WIDTH="60%" >@LAST_NAME@</TD>
</TR>
<TR BGCOLOR="#FFFFFF" VALIGN=CENTER>
<TD ALIGN=RIGHT WIDTH="40%" ><B>Skupina</B></TD>
<TD ALIGN=LEFT WIDTH="60%" >@OU@</TD>
</TR>
<!--
<TR BGCOLOR="#FFFFFF" VALIGN=CENTER>
<TD ALIGN=RIGHT WIDTH="40%" ><B>Country</B></TD>
<TD ALIGN=LEFT WIDTH="60%" >@C@</TD>
</TR>
-->
<TR BGCOLOR="#FFFFFF" VALIGN=CENTER>
<TD ALIGN=RIGHT WIDTH="40%" ><B>E-Mailová adresa</B></TD>
<TD ALIGN=LEFT WIDTH="60%" >@EMAILADDRESS@</TD>
</TR>
<!--
<TR BGCOLOR="#FFFFFF" VALIGN=CENTER>
<TD ALIGN=RIGHT WIDTH="40%" ><B>Role</B></TD>
<TD ALIGN=LEFT WIDTH="60%" >@ROLE@</TD>
</TR>
-->
<!--
<TR BGCOLOR="#FFFFFF" VALIGN=CENTER>
<TD WIDTH="40%" BGCOLOR="#FFFFFF" ALIGN=RIGHT><B>Registration Authority</B></TD>
<TD BGCOLOR="#FFFFFF" ALIGN=LEFT WIDTH="60%" >@RA@</TD>
</TR>
-->
<TR VALIGN=CENTER>
<TD WIDTH="40%" BGCOLOR="#FFFFFF" ALIGN=RIGHT ><B>PIN:</B></TD>
<TD BGCOLOR="#FFFFFF" WIDTH="60%" ALIGN=LEFT>**********</TD>
</TR></TABLE></CENTER>
<UL>
<LI>Pokud jsou všechny údaje v pořádku, zvolte typ kryptografického úložiště, na
které budou uloženy váš privátní a veřejný klíč a klikněte na tlačítko
<B>"Pokračovat..."</B>.</LI>
<BR><BR>
<LI>Většina uživatelů může bezpečně zvolit typ<B>"Default"</B>. Pokud disponujete
čtečkou čipových karet, zvolte příslušné zařízení.</LI><BR>
</UL>
<BR><FORM NAME="GenReqForm" enctype="multipart/form-data" METHOD="POST">
<center>
Kryptografické úložiště:
<select name="csp" size=1 id="csp">
<option value="" selected>Default</option>
</select>
<br><br>
<INPUT TYPE=Button NAME=Cont VALUE="Pokračovat..." OnClick="GenReq(@OUNUM@)">
<br>
<br>
</CENTER>
<INPUT TYPE=HIDDEN NAME="cmd" VALUE="ie_req">
<INPUT TYPE=HIDDEN NAME="operation" VALUE="client-confirmed-form">
<INPUT TYPE=HIDDEN NAME="emailAddress" VALUE="@EMAILADDRESS@">
<INPUT TYPE=HIDDEN NAME="first_name" VALUE="@FIRST_NAME@">
<INPUT TYPE=HIDDEN NAME="last_name" VALUE="@LAST_NAME@">
<INPUT TYPE=HIDDEN NAME="org" VALUE="@ORG@">
<INPUT TYPE=HIDDEN NAME="organization" VALUE="@ORG@">
<!-- The Hidden OUs are Generated by the request cgi -->
@HIDDEN_OU@
<INPUT TYPE=HIDDEN NAME="country" VALUE="@C@">
<INPUT TYPE=HIDDEN NAME="role" VALUE="@ROLE@">
<INPUT TYPE=HIDDEN NAME="passwd3" VALUE="@PASSWD1@">
<INPUT TYPE=HIDDEN NAME="ra" VALUE="@RA@">
<INPUT TYPE=HIDDEN NAME="request" VALUE="">
<INPUT TYPE=HIDDEN NAME="key" VALUE="@_KEY@">
</FORM></TD>
</TR>
</TABLE></CENTER>
<hr WIDTH="100%">
<center><font size=-2>(C) 2002 Kooperativa, pojišťovna, a. s., Anect a.s.,
OpenCA Group</font></center>
</TD>
</TR>
</TABLE></CENTER>
</BODY>
</HTML>