Microsoft Windows Vista Community Forums - Vistaheads
Recommended Download



Welcome to the Microsoft Windows Vista Community Forums - Vistaheads, YOUR Largest Resource for Windows Vista related information.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so , join our community today!

If you have any problems with the registration process or your account login, please contact us.

Driver Scanner

Choose a Digital Certificate Blank!!

microsoft.public.windows.vista.security






Speedup My PC
Reply
  #1 (permalink)  
Old 09-10-2008
Ryan Hanisco
 

Posts: n/a
Choose a Digital Certificate Blank!!
Hello everyone,

I have a web site that uses Certificate Authentication for user identity.
My CA issues certificates to the end users and the web site inspects the
certificate properties to allow users into the site.

The CA is a private CA that uses a self-signed cert at the top level. On
all non-Vista operating systems, everything works well. When Vista requests
the cert, it prompts me that it needs to add the Trusted Root Cert for the
CA.. I do this and make sure that it places the Root Cert in the Trusted
Root Cert area. Then the personal cert installs correctly. I can use the
Cert MMC to see that the root is there and that the client cert is in the
right place.

When I load the web site, I do hit it with SSL and I get the "Choose a
Digital Certificate" dialog box that I expect. Unfortunately, in the
Identification box, there are no certificates listed at all -- so the
authentication fails.

I have seen a number of other complaining about this very issue on other
sites in my search for an answer, but I have yet to see a working response.

I have tried:
- Manually importing the Root Cert
- Adding the site to a security zone with settings on low or making the site
a trusted site
- In IE, turning off the Revocation status for the cert and the CA
- Removing the IE check for signatures on downloads

I am running out of options and am looking for additional direction. Anyone??
--
Ryan Hanisco
MCSE, MCTS: SQL 2005, Server 2008, Project+
http://www.techsterity.com
Chicago, IL

Remember: Marking helpful answers helps everyone find the info they need
quickly.
Reply With Quote
Sponsored Links
  #2 (permalink)  
Old 10-04-2008
Ryan Hanisco
 

Posts: n/a
RE: Choose a Digital Certificate Blank!!
Hi Everyone,

The answer to this eventually came down to the fact that Windows Vista
requests certificates using a different cryptography provider than previous
operating systems. If you just leave the default options, the certificates
cannot be used for web authentication.

I have posted the full resolution steps with screen shots on my blog at:

http://techsterity.com/blogs/ad/arch...ows-vista.aspx

Thanks!
--
Ryan Hanisco
MCSE, MCTS: SQL 2005, Server 2008, Project+
http://www.techsterity.com
Chicago, IL

Remember: Marking helpful answers helps everyone find the info they need
quickly.


"Ryan Hanisco" wrote:

> Hello everyone,
>
> I have a web site that uses Certificate Authentication for user identity.
> My CA issues certificates to the end users and the web site inspects the
> certificate properties to allow users into the site.
>
> The CA is a private CA that uses a self-signed cert at the top level. On
> all non-Vista operating systems, everything works well. When Vista requests
> the cert, it prompts me that it needs to add the Trusted Root Cert for the
> CA.. I do this and make sure that it places the Root Cert in the Trusted
> Root Cert area. Then the personal cert installs correctly. I can use the
> Cert MMC to see that the root is there and that the client cert is in the
> right place.
>
> When I load the web site, I do hit it with SSL and I get the "Choose a
> Digital Certificate" dialog box that I expect. Unfortunately, in the
> Identification box, there are no certificates listed at all -- so the
> authentication fails.
>
> I have seen a number of other complaining about this very issue on other
> sites in my search for an answer, but I have yet to see a working response.
>
> I have tried:
> - Manually importing the Root Cert
> - Adding the site to a security zone with settings on low or making the site
> a trusted site
> - In IE, turning off the Revocation status for the cert and the CA
> - Removing the IE check for signatures on downloads
>
> I am running out of options and am looking for additional direction. Anyone??
> --
> Ryan Hanisco
> MCSE, MCTS: SQL 2005, Server 2008, Project+
> http://www.techsterity.com
> Chicago, IL
>
> Remember: Marking helpful answers helps everyone find the info they need
> quickly.

Reply With Quote
  #3 (permalink)  
Old 10-24-2008
chembuchira
 

Posts: n/a
Re: Choose a Digital Certificate Blank!!

Hi Ryan,

Thanks a lot for you post, Could you please give me some
more input on our issue,
We are using scripting and customized web enrollment pages
for installing the client certificate in IE7(vista).i am not able to
find out the option to configure the cryptographic changes and key size
in the asp code.

Can you please help me on this piece?

Thanks and Regards,
Chembu


--
chembuchira
Reply With Quote
  #4 (permalink)  
Old 10-24-2008
Ryan Hanisco
 

Posts: n/a
Re: Choose a Digital Certificate Blank!!
Hi chembuchira,

To do this, you will need to use the advanced pages rather than the basic
ones. I played around a bit with automatically specifying the cryptographic
provider, but this is pulled live when the page is rendered and isn't just an
easy hardcoding of a value.

I'd direct you to the link in my post for the screen shots of where I've
left it. Other than those settings, most everything else is hard-code-able.
--
Ryan Hanisco
MCSE, MCTS: SQL 2005, Server 2008, Project+
http://www.techsterity.com
Chicago, IL

Remember: Marking helpful answers helps everyone find the info they need
quickly.


"chembuchira" wrote:

>
> Hi Ryan,
>
> Thanks a lot for you post, Could you please give me some
> more input on our issue,
> We are using scripting and customized web enrollment pages
> for installing the client certificate in IE7(vista).i am not able to
> find out the option to configure the cryptographic changes and key size
> in the asp code.
>
> Can you please help me on this piece?
>
> Thanks and Regards,
> Chembu
>
>
> --
> chembuchira
>

Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
choose the account you would like to change box is blank Larry C microsoft.public.windows.vista.administration accounts passwords 2 08-07-2008 06:02
standard user gets empty "choose a digital certificate" Erixke microsoft.public.windows.vista.security 1 11-24-2007 17:43
Digital Camera (cant choose pics) Kartik microsoft.public.windows.vista.general 1 04-19-2007 21:08
How do I allow certificate, digital signature from a web page =?Utf-8?B?YmxvY2sxMg==?= microsoft.public.windows.vista.general 3 04-08-2007 18:10
Vista asks to choose certificate when access shared folders =?Utf-8?B?SnU=?= microsoft.public.windows.vista.networking sharing 1 02-14-2007 13:24




All times are GMT +1. The time now is 05:15.




Driver Scanner - Free Scan Now

Vistaheads.com is part of the Heads Network. See also XPHeads.com , Win7Heads.com and Win8Heads.com.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.7
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.6.0 RC 2

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120