Microsoft Windows Vista Community Forums - Vistaheads

Problem when requesting SSL certs with Vista......

microsoft.public.windows.vista.security






#1
01-10-2007
mlai
Problem when requesting SSL certs with Vista......
Just an observation:
I tried obtaining SSL certs with Vista thru Thawte (their free personal
email certs). I had to put www.thawte.com in a Trusted Zone and disable
protected mode for the trusted zone for it to work. However, when I import
the issued certificates, I do not get an option to mark the private key as
exportable and consequently, I cannot export the cert for backup and
installation on my laptop.

If I request the cert from XPSP2 (also IE7), I can mark the cert as
exportable and can export the cert in PFX format to be used on another
machine. The process is completely identical but it works on XPSP2 but not
Vista RTM (I am on x64).

Can anybody shed some light on this? It will be a major problem as I will
be moving to a pure Vista environment soon for my home network (which has 7
machines......)

Please help.
TIA.

#2
01-10-2007
Jesper
RE: Problem when requesting SSL certs with Vista......
I noticed the same problem, and Thawte seems to be aware of it. It is really
up to them to rewrite their request page so it works. Some of the hardening
in IE on Vista must be breaking it.

"mlai" wrote:

> Just an observation:
> I tried obtaining SSL certs with Vista thru Thawte (their free personal
> email certs). I had to put www.thawte.com in a Trusted Zone and disable
> protected mode for the trusted zone for it to work. However, when I import
> the issued certificates, I do not get an option to mark the private key as
> exportable and consequently, I cannot export the cert for backup and
> installation on my laptop.
>
> If I request the cert from XPSP2 (also IE7), I can mark the cert as
> exportable and can export the cert in PFX format to be used on another
> machine. The process is completely identical but it works on XPSP2 but not
> Vista RTM (I am on x64).
>
> Can anybody shed some light on this? It will be a major problem as I will
> be moving to a pure Vista environment soon for my home network (which has 7
> machines......)
>
> Please help.
> TIA.
>

#3
01-11-2007
mlai
Re: Problem when requesting SSL certs with Vista......
Come to think of it, it probably has a lot to do with how Vista handles
security instead of how these CAs issue certificates. Looking at the
flow, the private key was generated by various flavors of MS cryptographic
services. The private key is probably saved on the requesting machine
somewhere and also related to the issuing CAs.

Here comes the potential problem. In Vista, you have to jump thru loops and
hoops to import certs in the sense that you need to get past the UAC prompt
which temporarily changes the account credentials to achieve administrator
permissions.

The importing process probably broke down somewhere here as the account
requesting the cert is not the same as the one to import the cert and thus
when the cert is imported, it doesn't see the private key generated via the
user account. If that is the case, the cert importing component probably
assumed that the account (the admin account) does not have the private key
corresponding to the cert and thus does not present the Mark Private Key as
exportable option.

Once the cert is imported, to view the cert does not require admin
permission and thus the user can see (or rather Vista can see) the
corresponding private key (for the user account) matching the cert so it
correctly mentions that "you have a private key corresponding to this
cert....." blah blah blah. However, because the user cannot explicitly mark
the private key as exportable during the import process, the private key by
default is made not exportable.

This will be a huge issue with online issuing cert services for personal
uses. I have not tried requesting services related (IIS) certs from Vista
yet. With my experience with personal certs importing/exporting problems, I
probably won't at this stage..........

Another MS added "feature" to disable what is a perfectly fine process in
previous products.......

"Jesper" <Jesper@discussions.microsoft.com> wrote in message
news:4C88F0AC-0806-48AF-B2FA-6945D26CB562@microsoft.com...
>I noticed the same problem, and Thawte seems to be aware of it. It is
>really
> up to them to rewrite their request page so it works. Some of the
> hardening
> in IE on Vista must be breaking it.
>
> "mlai" wrote:
>
>> Just an observation:
>> I tried obtaining SSL certs with Vista thru Thawte (their free personal
>> email certs). I had to put www.thawte.com in a Trusted Zone and disable
>> protected mode for the trusted zone for it to work. However, when I
>> import
>> the issued certificates, I do not get an option to mark the private key
>> as
>> exportable and consequently, I cannot export the cert for backup and
>> installation on my laptop.
>>
>> If I request the cert from XPSP2 (also IE7), I can mark the cert as
>> exportable and can export the cert in PFX format to be used on another
>> machine. The process is completely identical but it works on XPSP2 but
>> not
>> Vista RTM (I am on x64).
>>
>> Can anybody shed some light on this? It will be a major problem as I
>> will
>> be moving to a pure Vista environment soon for my home network (which has
>> 7
>> machines......)
>>
>> Please help.
>> TIA.
>>
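
A way to check the symptom discussed in this thread, added here as an example and not part of any poster's message: it lists each certificate in the current user's Personal store and reports whether a private key is present and whether it is flagged exportable. `Get-CertKeyExportStatus` is a hypothetical helper name, and the script assumes Windows PowerShell 5.1 with keys held by a legacy CryptoAPI provider.

```powershell
# Added example (not from the thread). Get-CertKeyExportStatus is a
# hypothetical helper name; assumes Windows PowerShell 5.1 and its Cert: drive.
function Get-CertKeyExportStatus {
    param(
        # Personal store of the current user.
        [string]$StorePath = 'Cert:\CurrentUser\My'
    )

    Get-ChildItem -Path $StorePath | ForEach-Object {
        $cert      = $_
        $status    = 'NoPrivateKey'   # certificate only, e.g. imported from a .cer
        $provider  = $null
        $container = $null

        if ($cert.HasPrivateKey) {
            try {
                $key = $cert.PrivateKey
                if ($key -is [System.Security.Cryptography.ICspAsymmetricAlgorithm]) {
                    # Legacy CryptoAPI key: the export flag is stored with the
                    # key container, not with the certificate.
                    $info      = $key.CspKeyContainerInfo
                    $provider  = $info.ProviderName
                    $container = $info.KeyContainerName
                    $status    = if ($info.Exportable) { 'Exportable' } else { 'NotExportable' }
                }
                else {
                    # Key is held by a provider this check does not cover.
                    $status = 'NotCspKey'
                }
            }
            catch {
                # The certificate links to a key that this account cannot open.
                $status = 'KeyNotAccessible'
            }
        }

        [pscustomobject]@{
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            NotAfter   = $cert.NotAfter
            KeyStatus  = $status
            Provider   = $provider
            Container  = $container
        }
    }
}

# Show the result for every certificate in the store.
Get-CertKeyExportStatus | Format-Table -AutoSize
```

A certificate reported as `NotExportable` can still be used for signing on the machine that generated the key, but a PFX export from that machine will not include the private key.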


#4
01-13-2007
FireWall2
RE: Problem when requesting SSL certs with Vista......

Hello Mlai,

Curiosity has got the best of me, what is your intended purpose for
importing free certs from Thawte ?

Reluctant for sharing suggestions not knowing your desired outcome.

--
Firewall


"mlai" wrote:

> Just an observation:
> I tried obtaining SSL certs with Vista thru Thawte (their free personal
> email certs). I had to put www.thawte.com in a Trusted Zone and disable
> protected mode for the trusted zone for it to work. However, when I import
> the issued certificates, I do not get an option to mark the private key as
> exportable and consequently, I cannot export the cert for backup and
> installation on my laptop.
>
> If I request the cert from XPSP2 (also IE7), I can mark the cert as
> exportable and can export the cert in PFX format to be used on another
> machine. The process is completely identical but it works on XPSP2 but not
> Vista RTM (I am on x64).
>
> Can anybody shed some light on this? It will be a major problem as I will
> be moving to a pure Vista environment soon for my home network (which has 7
> machines......)
>
> Please help.
> TIA.
>

#5
01-13-2007
mlai
Re: Problem when requesting SSL certs with Vista......
Secured Email. I try to sign all the emails that I send to people so that
my friends and business associates know that the message is genuine from
myself.

"FireWall2" <FireWall2@discussions.microsoft.com> wrote in message
news06C5B1D-87CC-4BF4-A7F6-3CE288A83EFE@microsoft.com...
>
> Hello Mlai,
>
> Curiosity has got the best of me, what is your intended purpose for
> importing free certs from Thawte ?
>
> Reluctant for sharing suggestions not knowing your desired outcome.
>
> --
> Firewall
>
>
> "mlai" wrote:
>
>> Just an observation:
>> I tried obtaining SSL certs with Vista thru Thawte (their free personal
>> email certs). I had to put www.thawte.com in a Trusted Zone and disable
>> protected mode for the trusted zone for it to work. However, when I
>> import
>> the issued certificates, I do not get an option to mark the private key
>> as
>> exportable and consequently, I cannot export the cert for backup and
>> installation on my laptop.
>>
>> If I request the cert from XPSP2 (also IE7), I can mark the cert as
>> exportable and can export the cert in PFX format to be used on another
>> machine. The process is completely identical but it works on XPSP2 but
>> not
>> Vista RTM (I am on x64).
>>
>> Can anybody shed some light on this? It will be a major problem as I
>> will
>> be moving to a pure Vista environment soon for my home network (which has
>> 7
>> machines......)
>>
>> Please help.
>> TIA.
>>


#6
01-13-2007
FireWall2
Re: Problem when requesting SSL certs with Vista......
Mlai,

Have you tried the below link for additional assistance? With your knowledge
and previous experience using certs, can not imagine why you are experiencing
difficulties.

http://search.microsoft.com/results....-US&FORM=QBME1
--
Firewall

Disclaimer:
Accept Vista as it is, or, Abandon Vista


"mlai" wrote:

> Secured Email. I try to sign all the emails that I send to people so that
> my friends and business associates know that the message is genuine from
> myself.
>
> "FireWall2" <FireWall2@discussions.microsoft.com> wrote in message
> news06C5B1D-87CC-4BF4-A7F6-3CE288A83EFE@microsoft.com...
> >
> > Hello Mlai,
> >
> > Curiosity has got the best of me, what is your intended purpose for
> > importing free certs from Thawte ?
> >
> > Reluctant for sharing suggestions not knowing your desired outcome.
> >
> > --
> > Firewall
> >
> >
> > "mlai" wrote:
> >
> >> Just an observation:
> >> I tried obtaining SSL certs with Vista thru Thawte (their free personal
> >> email certs). I had to put www.thawte.com in a Trusted Zone and disable
> >> protected mode for the trusted zone for it to work. However, when I
> >> import
> >> the issued certificates, I do not get an option to mark the private key
> >> as
> >> exportable and consequently, I cannot export the cert for backup and
> >> installation on my laptop.
> >>
> >> If I request the cert from XPSP2 (also IE7), I can mark the cert as
> >> exportable and can export the cert in PFX format to be used on another
> >> machine. The process is completely identical but it works on XPSP2 but
> >> not
> >> Vista RTM (I am on x64).
> >>
> >> Can anybody shed some light on this? It will be a major problem as I
> >> will
> >> be moving to a pure Vista environment soon for my home network (which has
> >> 7
> >> machines......)
> >>
> >> Please help.
> >> TIA.
> >>

>

#7
01-13-2007
FireWall2
Re: Problem when requesting SSL certs with Vista......
Mlai,

Not certain, but it appears that "free" certificates might be a part of
history, hence, the real source for your conflict.

Although, one Site from the previously provided Link does offer free certs
for "personal" use.
--
Firewall

Disclaimer:
Accept Vista as it is, or, Abandon Vista


"mlai" wrote:

> Secured Email. I try to sign all the emails that I send to people so that
> my friends and business associates know that the message is genuine from
> myself.
>
> "FireWall2" <FireWall2@discussions.microsoft.com> wrote in message
> news06C5B1D-87CC-4BF4-A7F6-3CE288A83EFE@microsoft.com...
> >
> > Hello Mlai,
> >
> > Curiosity has got the best of me, what is your intended purpose for
> > importing free certs from Thawte ?
> >
> > Reluctant for sharing suggestions not knowing your desired outcome.
> >
> > --
> > Firewall
> >
> >
> > "mlai" wrote:
> >
> >> Just an observation:
> >> I tried obtaining SSL certs with Vista thru Thawte (their free personal
> >> email certs). I had to put www.thawte.com in a Trusted Zone and disable
> >> protected mode for the trusted zone for it to work. However, when I
> >> import
> >> the issued certificates, I do not get an option to mark the private key
> >> as
> >> exportable and consequently, I cannot export the cert for backup and
> >> installation on my laptop.
> >>
> >> If I request the cert from XPSP2 (also IE7), I can mark the cert as
> >> exportable and can export the cert in PFX format to be used on another
> >> machine. The process is completely identical but it works on XPSP2 but
> >> not
> >> Vista RTM (I am on x64).
> >>
> >> Can anybody shed some light on this? It will be a major problem as I
> >> will
> >> be moving to a pure Vista environment soon for my home network (which has
> >> 7
> >> machines......)
> >>
> >> Please help.
> >> TIA.
> >>

>

#8
01-18-2007
Michael
RE: Problem when requesting SSL certs with Vista......
same problem for Comodo free email certs

"mlai" wrote:

> Just an observation:
> I tried obtaining SSL certs with Vista thru Thawte (their free personal
> email certs). I had to put www.thawte.com in a Trusted Zone and disable
> protected mode for the trusted zone for it to work. However, when I import
> the issued certificates, I do not get an option to mark the private key as
> exportable and consequently, I cannot export the cert for backup and
> installation on my laptop.
>
> If I request the cert from XPSP2 (also IE7), I can mark the cert as
> exportable and can export the cert in PFX format to be used on another
> machine. The process is completely identical but it works on XPSP2 but not
> Vista RTM (I am on x64).
>
> Can anybody shed some light on this? It will be a major problem as I will
> be moving to a pure Vista environment soon for my home network (which has 7
> machines......)
>
> Please help.
> TIA.
>

#9
02-21-2007
Steve-UK
RE: Problem when requesting SSL certs with Vista......
Sounds oddly similar to the problem I've got, under the heading: SSL problems
with Vista. Only solution I've got is to keep an XP/2003 machine around and
export from that one, which is obviously a PITA. And we're using 32-bit.

I just can't figure it out, I thought it must be some weird GPO setting but
I tried completely disabling all GPOs and it still doesn't work. But yet on
XP SP2/2003 SP1 with IE7, it all works fine.

Is there some fundamental difference in the way Vista handles CAs and
certificates?

Steve.

"mlai" wrote:

> Just an observation:
> I tried obtaining SSL certs with Vista thru Thawte (their free personal
> email certs). I had to put www.thawte.com in a Trusted Zone and disable
> protected mode for the trusted zone for it to work. However, when I import
> the issued certificates, I do not get an option to mark the private key as
> exportable and consequently, I cannot export the cert for backup and
> installation on my laptop.
>
> If I request the cert from XPSP2 (also IE7), I can mark the cert as
> exportable and can export the cert in PFX format to be used on another
> machine. The process is completely identical but it works on XPSP2 but not
> Vista RTM (I am on x64).
>
> Can anybody shed some light on this? It will be a major problem as I will
> be moving to a pure Vista environment soon for my home network (which has 7
> machines......)
>
> Please help.
> TIA.
>

#10
02-22-2007
Haitao Li
Re: Problem when requesting SSL certs with Vista......
I just checked the Comodo web site and their script does not support Vista yet,
so it's probably a different problem.

mlai: is the problem with Thawte's SSL or email cert? I got a little
confused by your post. Do you remember which file format was sent back from
the Thawte server? .cer or .pfx?

"Michael" <Michael@discussions.microsoft.com> wrote in message
news:A7583964-8676-42AE-9F4E-0F56CBC6142A@microsoft.com...
> same problem for Comodo free email certs
>
> "mlai" wrote:
>
>> Just an observation:
>> I tried obtaining SSL certs with Vista thru Thawte (their free personal
>> email certs). I had to put www.thawte.com in a Trusted Zone and disable
>> protected mode for the trusted zone for it to work. However, when I
>> import
>> the issued certificates, I do not get an option to mark the private key
>> as
>> exportable and consequently, I cannot export the cert for backup and
>> installation on my laptop.
>>
>> If I request the cert from XPSP2 (also IE7), I can mark the cert as
>> exportable and can export the cert in PFX format to be used on another
>> machine. The process is completely identical but it works on XPSP2 but
>> not
>> Vista RTM (I am on x64).
>>
>> Can anybody shed some light on this? It will be a major problem as I
>> will
>> be moving to a pure Vista environment soon for my home network (which has
>> 7
>> machines......)
>>
>> Please help.
>> TIA.
>>
