Re: X.509: Security Token does not support Data Encryption


From: Adam Tompkins (adam)
Date: 03/10/04


Date: Wed, 10 Mar 2004 14:31:21 -0700

Hi Byron

Thanks for the reply.

I don't see a 'Both' option: all the certs displayed have either 'Exchange'
or 'Signature' as the Key Usage but never both.

Do I need to change something on the CA server?

 - Adam

"ByronKim" <byronkim@online.microsoft.com> wrote in message
news:ui$LonmBEHA.2600@TK2MSFTNGP09.phx.gbl...
This is a certificate Usage problem. You need to set a Usage type of Both (i.e.
Signature and Exchange) when you request the certificate in the W2K CA.

thanks
Byron Kim
  "Adam Tompkins" <adam AT 5By5Software DOT com> wrote in message
news:u9Zsz8VBEHA.628@TK2MSFTNGP10.phx.gbl...
  I have installed a 'Client Authentication' certificate into my local user
store from a Win2K CA. When I run the following code (as a Windows
Application) it always fails on the .SupportsDataEncryption test. I removed
the test code and tried to encrypt a SOAP message body anyway and it failed
for the same reason.

     X509CertificateStore store =
       X509CertificateStore.CurrentUserStore(X509CertificateStore.MyStore);
     store.OpenRead();

     X509Certificate certificate = (X509Certificate)store.Certificates[2];

     if (!certificate.SupportsDataEncryption)
       throw new ApplicationException("The certificate does not support encryption.");

  I have verified that the correct certificate is being retrieved from the
store and, from reading various posts in the newsgroups, I believe that this
type of certificate should support encryption. I have also tried the same
thing with both 'User' and 'CodeSigning' certificates with the same result.

  Any ideas what I'm missing here?

  Thanks.

   - Adam
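
An added diagnostic example, not code from the thread or from WSE: it reads the Key Usage extension of each certificate and reports whether the encryption-related bits are present, so a certificate can be picked by usage rather than by a fixed index such as [2]. It uses the standard .NET System.Security.Cryptography.X509Certificates classes instead of the WSE classes in the post. That WSE's SupportsDataEncryption test depends on these same bits is an assumption, and the two sample certificates are constructed in memory for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class KeyUsageCheck
{
    // Assumption: these are the usage bits an encryption check cares about.
    const X509KeyUsageFlags EncryptionBits =
        X509KeyUsageFlags.KeyEncipherment | X509KeyUsageFlags.DataEncipherment;

    // A certificate with no Key Usage extension is unrestricted (RFC 5280, 4.2.1.3).
    public static bool AllowsEncryption(X509Certificate2 cert)
    {
        var ku = cert.Extensions.OfType<X509KeyUsageExtension>().FirstOrDefault();
        return ku == null || (ku.KeyUsages & EncryptionBits) != 0;
    }

    // Constructed sample input: a throwaway self-signed certificate with the given usage bits.
    static X509Certificate2 MakeSample(string cn, X509KeyUsageFlags usage)
    {
        using (RSA rsa = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=" + cn, rsa,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            req.CertificateExtensions.Add(new X509KeyUsageExtension(usage, true));
            return req.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));
        }
    }

    static void Report(X509Certificate2 c)
    {
        var ku = c.Extensions.OfType<X509KeyUsageExtension>().FirstOrDefault();
        Console.WriteLine("{0,-40} usage={1,-35} encrypt={2}", c.Subject,
            ku == null ? "(none)" : ku.KeyUsages.ToString(), AllowsEncryption(c));
    }

    static void Main()
    {
        Report(MakeSample("sample-signature-only", X509KeyUsageFlags.DigitalSignature));
        Report(MakeSample("sample-exchange", EncryptionBits));

        // Same check over the real per-user store, selecting by usage instead of by index.
        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly);
            foreach (X509Certificate2 c in store.Certificates) Report(c);
        }
    }
}
```

The signature-only sample reports encrypt=False and the exchange sample reports encrypt=True; the store listing shows which of the installed certificates fall on which side.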


