Steve,
Dr Stephen Henson wrote:
>
>
> This is because the request contains a BMPString which is encoded with
> 16 bit characters. You probably included characters outside the
> PrintableString set in that field (e.g. &, @). There is an option in
> Xenroll to use T61Strings (can't recall its name...) which may help or
> just keep to the PrintableString set.
I went to Microsoft and could not find information anymore about the
xenroll.dll in the msdn area. Do you by any chance know of another
source for docs on the xenroll.dll? If not, how do I 'keep to the
PrintableString set?'
>
> OpenSSL should handle this properly but it doesn't (yet). It will sign
> the request OK but won't convert string types and it prints out the
> characters in this weird form.
I generate the request under MSIE with this subroutine:
    Sub Submit_OnClick
        Dim sz10
        Dim szName
        Dim sz, result, theError
        ' Set TheForm = Document.CertReqForm

        ' Build the subject DN string from the form fields.
        ' 1.2.840.113549.1.9.1 is the emailAddress attribute OID.
        szName = "C=" & document.CertReqForm.Country.value & _
                 "; S=" & document.CertReqForm.State.value & _
                 "; L=" & document.CertReqForm.Location.value & _
                 "; O=" & document.CertReqForm.Company.value & _
                 "; OU=" & document.CertReqForm.OrganizationalUnit.value & _
                 "; CN=" & document.CertReqForm.CommonName.value & _
                 "; 1.2.840.113549.1.9.1=" & document.CertReqForm.EmailAddress.value

        Enroll.KeySpec = 1        ' AT_KEYEXCHANGE
        Enroll.GenKeyFlags = 3    ' CRYPT_EXPORTABLE (1) + CRYPT_USER_PROTECTED (2)

        ' Capture the error number so the check below has a value to test.
        On Error Resume Next
        ' Usage OID 1.3.6.1.5.5.7.3.2 is client authentication.
        sz10 = Enroll.CreatePKCS10(szName, "1.3.6.1.5.5.7.3.2")
        ' sz10 = Enroll.CreatePKCS10(szName, "1.3.6.1.4.1.311.2.1.21")
        theError = Err.Number
        On Error GoTo 0

        If (sz10 = Empty Or theError <> 0) Then
            sz = "The error '" & Hex(theError) & "' occurred." & _
                 Chr(13) & Chr(10) & _
                 "Your credentials could not be generated."
            result = MsgBox(sz, 0, "Credentials Enrollment")
            Exit Sub
        Else
            ' Hand the base64 PKCS#10 request to the form and post it.
            document.CertReqForm.ms_req.value = sz10
            document.CertReqForm.submit()
        End If
    End Sub
The code comes from an example that I found last year in the MSDN
Library at Microsoft. It does work to generate the request in DER
format, but I do not understand how.
I have tried both 'Usage' keys shown above. They both work, but I am
really not sure what these are doing, since I have never found thorough
documentation at Microsoft to explain the Enroll object. Do you know
where this is documented? I even bought Visual Basic 6.0 hoping that
there would be information there, but not that I have found.
I am not real concerned about the certificates that are generated, MSIE
accepts them quite well, but the extraneous code does mess up the MySQL
database where I store all information about each request and issuance.
Can I assume that I cannot 'scrub' the raw request either before or
after I convert from DER to PEM? If so, should I clean the ASCII left
in 'cert.signed' that I generate like so:
    $SSL/openssl ca -verbose -config acaciPVT-openssl.cnf -gencrl -msie_hack \
        -out $DIR/cert.signed \
        -infiles $DIR/req.pem
I would like for it to be cleaned before I convert it to crl2pkcs7
format and strip the base64 PKCS7 garbage out.
Thank you,
Murrah Boswell
[EMAIL PROTECTED]
>
> Steve.
> --
> Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
> Personal Email: [EMAIL PROTECTED]
> Senior crypto engineer, Celo Communications: http://www.celocom.com/
> Core developer of the OpenSSL project: http://www.openssl.org/
> Business Email: [EMAIL PROTECTED] PGP key: via homepage.
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
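On the BMPString and PrintableString point discussed in this thread, here is an added example (not part of the original messages and not OpenSSL or Xenroll code). It decodes a single DER-encoded ASN.1 string value and lists the characters that fall outside the PrintableString set. The function names and the sample bytes are constructed for illustration, and treating T61String as Latin-1 is an assumption.

```python
# PrintableString alphabet as defined by X.680: letters, digits, space and ' ( ) + , - . / : = ?
PRINTABLE = set(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 '()+,-./:=?"
)

# Universal tag -> (type name, Python codec used to turn the contents into text)
STRING_TAGS = {
    0x0C: ("UTF8String", "utf-8"),
    0x13: ("PrintableString", "ascii"),
    0x14: ("T61String", "latin-1"),   # assumption: decoded as Latin-1
    0x16: ("IA5String", "ascii"),
    0x1E: ("BMPString", "utf-16-be"),  # 16-bit big-endian characters
}


def decode_string_tlv(der: bytes):
    """Decode one DER string TLV and return (type_name, text)."""
    if len(der) < 2 or der[0] not in STRING_TAGS:
        raise ValueError("not a supported ASN.1 string type")
    name, codec = STRING_TAGS[der[0]]
    length, offset = der[1], 2
    if length & 0x80:                  # long-form length
        n = length & 0x7F
        if n == 0 or len(der) < 2 + n:
            raise ValueError("bad length encoding")
        length = int.from_bytes(der[2:2 + n], "big")
        offset = 2 + n
    body = der[offset:offset + length]
    if len(body) != length:
        raise ValueError("truncated value")
    if name == "BMPString" and length % 2:
        raise ValueError("BMPString needs an even number of bytes")
    return name, body.decode(codec)


def non_printable_chars(text: str):
    """Characters in text that are not allowed in a PrintableString."""
    return sorted(set(text) - PRINTABLE)


if __name__ == "__main__":
    # Constructed sample: the organisation name "AT&T" encoded as a BMPString.
    sample = bytes.fromhex("1e080041005400260054")
    kind, text = decode_string_tlv(sample)
    print(kind, repr(text), "outside PrintableString:", non_printable_chars(text))
```

Running the same check on form field values before they go into the request shows which fields would push the encoder away from PrintableString.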