Re: BUG: Failed to encrypt outgoing messages with non WSE2QuickStartClient certificate
From: Hervey Wilson [MSFT] (herveyw.nospam_at_nospam.microsoft.com)
Date: 10/06/04
- Next message: Hervey Wilson [MSFT]: "Re: WSE 2.0 SP1 is unable to do RSA signing"
- Previous message: leighsword: "WHAT'S BEST OF SECURITY TOKEN ?"
- In reply to: DotNet Ed: "Re: BUG: Failed to encrypt outgoing messages with non WSE2QuickStartClient certificate"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 05 Oct 2004 23:28:03 -0700
DotNet Ed wrote:
> I am still using one that is slightly earlier than the one on .NET Framework
> v1.1, why? because the one in the v1.1 does not support the -pe switch.
>
> It is very confusing for users to have so many versions of makecert.exe. The
> results it gives sometimes give not much help as to why it failed either.
>
We understand, the WSE team tried hard to have the version in the .NET
Framework 1.1 SDK updated before it shipped but were unsuccessful. The
master version of makecert.exe can be found in the Platform SDK, this is
the version you should use.
Using the correct version of makecert.exe along with the right set of
switches can make all the difference in the world as to whether the
certificates will then work with WSE. Some problems that we've recently
resolved regarding makecert include:
- not using "-sky exchange" to generate a certificate capable of encrypting.
- not using "-sk <keyname>" to generate different keys for each
certificate. This one can cause all kinds of mischief from failure to
retrieve tokens to inability to recover the private key.
-- This posting is provided "AS IS", with no warranties, and confers no rights.
- Next message: Hervey Wilson [MSFT]: "Re: WSE 2.0 SP1 is unable to do RSA signing"
- Previous message: leighsword: "WHAT'S BEST OF SECURITY TOKEN ?"
- In reply to: DotNet Ed: "Re: BUG: Failed to encrypt outgoing messages with non WSE2QuickStartClient certificate"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
