Posted by Matt on October 19, 2005, 9:27 am
Paul,
Sorry for the confusion but I was working on the problem very late in the
night.
What we are doing is using S/MIME to encrypt the payload with the public
key, transmit the document to another system, then decrypt using the private
key. This process is done by components we purchased from IP*Works for
SMIME. I just received an e-mail from them stating the error message I am
getting means when the private key was generated it was not enabled for
encryption. How do I do this then and with which available option since I
can't use the templates to get what I need? I assume then the only options
I have for certificates are the ones available in the drop down on the web
enrollment page, so which is the one I need?
Thanks for your help.
Matt
> microsoft.public.windows.server.security news group, Matt
>
>> I am working in an environment where we have installed Certificate Services
>> on our Windows 2003 standard machine with Active Directory. We followed
>> Mark Minasi's book on Windows Server 2003 but do not see the same template
>> he uses in his client example. The drop down in his example has Server
>> Authentication Certificate as the type but that is not in the list nor can I
>> find it in any of the templates.
>
> Certificate templates are only supported when the CA is installed on a
> Windows Server 2003 Enterprise Edition computer, not on Standard. That
> would explain the disconnect.
>
>>
>> We generated a Web Server type since we believed that had the attributes we
>> are looking for but have found an issue. We worked up a test where we
>> signed a document with the new certificate without any issues but when we
>> try to decrypt the payload we get "Key not valid for use in specified
>> state". We are not sure what is going on and I am pretty sure the
>> certificate we generated is the culprit. The application has been working
>> fine for a year now in another environment where we generated our own key
>> but that was under Windows 2000.
>
> I don't understand what you're trying to do here. First you mention that
> you're signing a document and then you're saying that you're trying to
> decrypt the document. What exactly are you trying to do here, sign or
> encrypt?
>
>
>
> --
> Paul Adare
> MVP - Windows - Virtual Machine
> http://www.identit.ca/blogs/paul/
> "The English language, complete with irony, satire, and sarcasm, has
> survived for centuries without smileys. Only the new crop of modern
> computer geeks finds it impossible to detect a joke that is not clearly
> labeled as such."
> Ray Shea