Which cert?

Thread view:

Enable EMail Alerts

Start New Thread

Thread rating:

trahan - 01 Sep 2006 18:11 GMT

I am currently useing WSE3 test certificates to secure a web service.

Our company has a Microsoft Certificate Server. However, I'm not sure
which kind of certificate I need to get from it. The first one I tried
let me export a private key. But when I tried to use that private key
in the WSE wizard within .Net, I get the error, "Selected Certificate
does not support data encryption.

The certificate I got was X.509, but there a quite a few options on the
certificate server, so I was guessing as to how to proceed.

Could anyone straighten me out on exactly what I need?

Thanks.

Reply to this Message

Pablo Cibraro [MVP] - 11 Sep 2006 15:46 GMT

Hi,

You need to create a certificate with data signing and key exchange support.
(These are two checkboxes in the wizard to create a certificate request).

Regards,
Pablo Cibraro
http://weblogs.asp.net/cibrax

> I am currently useing WSE3 test certificates to secure a web service.
>
[quoted text clipped - 12 lines]
>
> *** Sent via Developersdex http://www.developersdex.com ***

Reply to this Message

Erik Haug - 14 Sep 2006 12:18 GMT

Hi,

I am trying to generate a certificate with data signing and key exchange
support, but i can't find the checkboxes you mention. Which certificate
templates should i use?

Regards,
Erik Haug

> Hi,
>
[quoted text clipped - 21 lines]
> >
> > *** Sent via Developersdex http://www.developersdex.com ***

Reply to this Message

Mike W - 26 Sep 2006 15:10 GMT

I am having the same problem. Not sure which template to use.

> Hi,
>
[quoted text clipped - 30 lines]
> > >
> > > *** Sent via Developersdex http://www.developersdex.com ***

Reply to this Message

Techno_Dex - 27 Sep 2006 18:17 GMT

Try using the Client Authentication and Server Authentication templates.
You might have to install them. I will try to follow up with more details
when I have time and find my document. I have enclosed some of the ids some
of the templates.
1.3.6.1.5.5.7.3.2 Client Authentication
1.3.6.1.5.5.7.3.3 Code Signing
1.3.6.1.5.5.7.3.1 Server Authentication

1.3.6.1.5.5.7.3.8 Time Stamping
1.3.6.1.4.1.311.10.3.12 Document Signing
1.3.6.1.4.1.311.10.3.2 Microsoft Time Stamping

>I am having the same problem. Not sure which template to use.
>
[quoted text clipped - 38 lines]
>> > >
>> > > *** Sent via Developersdex http://www.developersdex.com ***

Reply to this Message

trahan - 06 Oct 2006 23:37 GMT

Sorry, but I'm still having trouble finding the correct templates.

From our cert server I'll select "Request a certificate", then I'll
select "Submit Advanced Certificate Request".

Under advanced, there are three options, one for "Create and Submit",
another for a request with base 64 encoded CMC (or renewal request), and
the last for smart cards.

So I chose the first, and then the next page offers three certificate
templates, "User", "EFS", "TLS". I chose "User", and there is an option
for marking keys as exportable. But I don't see anything about data
signing. And I gather that an exportable key is not the same as one with
key exchange support.

There is also an option of installing the key to the local computer cert
store, which I was not selecting. I was simply exporting the key that
was placed in my personal store after my request was submitted.

I'm using these certs for authentication, and the cert that the "User"
template gives me says in its description that it supports such use.

What am I missing -- is it that our cert server is not capable of
generating the type of cert I need? I have been doing my development
with the certs provided with the hands-on-lab for WSE 3 and they work.

I'm sorry if I'm missing something really obvious.

Thanks.

Reply to this Message

trahan - 10 Oct 2006 22:32 GMT

Ok, sorry, I was missing the correct templates, and needed to install
them (as was clearly stated in a response above!).

Reply to this Message

Which cert?

Free Magazines