Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / ASP.NET / Web Services / February 2006

Tip: Looking for answers? Try searching our database.

WSE 3.0 and 2003 STD CA

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Garth Keesler - 07 Feb 2006 15:24 GMT
I'm attempting to use certs in WSE 3.0 that were issued by CA running on
a 2003 box. I'm only trying to use the certs for identification, not
encryption. I'm not even using a secure connection between the WinForms
client and the webserver. Trouble is, the WSE Wizard doesn't like those
certificates because they aren't capable of being used for encryption.
But, as stated prior, I'm not trying to use them for encryption, only
signing. If you open either the server or the client cert, they both
indicate that signing is a valid use of the cert.

Are CA certs simply of no value in this situation?

Thanx,
Garth
Reply to this Message
Luke Zhang [MSFT] - 08 Feb 2006 02:32 GMT
Hello Garth,

A certificate, which must support data encryption, is required here. To
support data encryption, the Key Usage property of the X.509 certificate
must include the Data Encipherment attribute.

Hope this help,

Luke Zhang
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
Reply to this Message
Niels Flensted-Jensen - 08 Feb 2006 11:00 GMT
Garth,

I think another issue is that the WSE wizardry will only work with the
turnkey policy assertions supported by WSE 3.0 (I assume you are using one of
the mutualCertificate assertions - have a look in the generated policy file).


If you want to use a certificate for identification only, you must put
together you own policy.

And this aside, it may still be like Luke suggests that your still need a
"Encipherment " attribute set, so maybe you just want to get one of those
anyway?  Maybe you can't even sign without this ability?

Niels

> I'm attempting to use certs in WSE 3.0 that were issued by CA running on
> a 2003 box. I'm only trying to use the certs for identification, not
[quoted text clipped - 9 lines]
> Thanx,
> Garth
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.