Re: X.509: Security Token does not support Data Encryption

From: Adam Tompkins (adam)
Date: 03/10/04 

Date: Wed, 10 Mar 2004 14:31:21 -0700

Hi Byron

Thanks for the reply.

I don't see a 'Both' option: all the certs displayed have either 'Exchange'
or 'Signature' as the Key Usage but never both.

Do I need to change something on the CA server?

 - Adam

"ByronKim" <byronkim@online.microsoft.com> wrote in message
news:ui$LonmBEHA.2600@TK2MSFTNGP09.phx.gbl...
This is certificate Usage problem. You need to set Usage type of Both(i.e.
Signature and Exchange) when you request Certificate in W2K CA.

thanks
Byron Kim
  "Adam Tompkins" <adam AT 5By5Software DOT com> wrote in message
news:u9Zsz8VBEHA.628@TK2MSFTNGP10.phx.gbl...
  I have installed a 'Client Authentication' certificate into my local user
store from a Win2K CA. When I run the following code (as a Windows
Application) it always fails on the .SupportsDataEncryption test. I removed
the test code and tried to encrypt a SOAP message body anyway and it failed
for the same reason.

     X509CertificateStore store =
X509CertificateStore.CurrentUserStore(X509CertificateStore.MyStore);
     store.OpenRead();

     X509Certificate certificate = (X509Certificate)store.Certificates[2];

     if (!certificate.SupportsDataEncryption)
       throw new ApplicationException("The certificate does not support
encryption.");

  I have verified that the correct certificate is being retrieved from the
store and, from reading various posts in the newsgroups, I believe that this
type of certificate should support encryption. I have also tried the same
thing with both 'User' and 'CodeSigning' certificates with the same result.

  Any ideas what I'm missing here?

  Thanks.

   - Adam

Relevant Pages

  • Re: Soft signatures
    ... now, digital signature, typically just represents that you (in ... For some time there were arguments that if a certificate contained the ... certificate with your public key and the non-repudiation flag in it. ... for a number of different business purposes. ...
    (sci.crypt)
  • RE: SBS 2003 Mobile Sycn Problem
    ... If this is a certain client issue, it is much possibly related to Exchange ... the mailbox of specific user account as .PST file, ... on the "Web Server Certificate" page select "Create ... Install the SBS Self-Signed Certificate into PDA, ...
    (microsoft.public.backoffice.smallbiz)
  • RE: SBS 2003 Mobile Sycn Problem
    ... Does this issue occur on a specific mobile device or multiple devices? ... If this is a certain client issue, it is much possibly related to Exchange ... the mailbox of specific user account as .PST file, ... on the "Web Server Certificate" page select "Create ...
    (microsoft.public.backoffice.smallbiz)
  • Re: Dead Exchange Server
    ... Microsoft Certified Partner ... Server, and matched up every setting on my default, then deleted the new one, ... I would suggest downloading Exchange Best Practice and SBS Best Practice ... > certificate that was generated with the install, but i made a new one> to ...
    (microsoft.public.exchange.connectivity)
  • Re: electronic signature in Microsoft Word
    ... you need a digital certificate. ... status bar with a tooltip that says "This document has been digitally ... Double-clicking the icon opens the Digital Signature dialog again. ... but be asked for a password before inserting ...
    (microsoft.public.word.docmanagement)