Re: WSE 3.0 CertSrv Request

---

• From: "Pablo Cibraro [MVP]" <pcibraro@xxxxxxxxxxx>
• Date: Wed, 6 Sep 2006 10:11:56 -0400

---

Hi,

I need to set the CSP to "Microsoft Enhanced Cryptographic Provider 1.0".
I marked the Key Usage as Both (Exchange and Signature), set the Key Size
to 1024, checked Create new key set, Mark Keys as exportable. I set the
Hash algorithm to SHA-1

All those settings are correct, so what error are you receiving from WSE
when you try to use those certificates ?

Regards,
Pablo Cibraro
http://weblogs.asp.net/cibrax


"Techno_Dex" <nospamchurst@xxxxxxxxxxxx> wrote in message
news:eirCk8SzGHA.3512@xxxxxxxxxxxxxxxxxxxxxxx

I am having a problem creating the appropriate Certificates for mutual X509
security use our in house Cert Authority with teh CertSrv wizard. I have
not found any good documentation on what type of certificates need to be
created and which parameters need to be set in the CertSrv. I took a look
at Pablo's blog
http://weblogs.asp.net/cibrax/archive/2006/08/08/Creating-X509-Certificates-for-WSE-or-WCF.aspx
but all that does is obscure the CertSrv Template that is used to create
the desired Certifcates instead of explaining which options need to be set.

So far I am using the Advanced request option in the CertSrv and using the
CA form option to populate the cert details. I'm assuming that the
Intended Purpose is "Server Authentication Certificate" for the WS side
and "Client Authentication Certificate" for the Client side. From Pablo's
blog is appears I need to set the CSP to "Microsoft Enhanced Cryptographic
Provider 1.0". I marked the Key Usage as Both (Exchange and Signature),
set the Key Size to 1024, checked Create new key set, Mark Keys as
exportable. I set the Hash algorithm to SHA-1.... Can someone shed some
light on what I'm missing?

.

---

• Follow-Ups:
  • Re: WSE 3.0 CertSrv Request
    • From: Techno_Dex
  • Re: WSE 3.0 CertSrv Request
    • From: Techno_Dex

• Prev by Date: Re: Secure conversation breaks WSE
• Next by Date: Re: WSE 3 + Long Running Request = Timeout
• Previous by thread: WSE3.0 in medium trust error!
• Next by thread: Re: WSE 3.0 CertSrv Request
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: New Method for Authenticated Public Key Exchange without Digital Certificates ... > employing nicely handwritten contracts, ... certificates were redundant and superfluous when the relying party ... pre-existing business processes that have been around for a long time ... simple digital signature by itself isn't sufficient to be a legal ... (sci.crypt) Re: WSE 3.0 CertSrv Request ... You can also find the response message in the Response ... Client OutputTrace looks clean. ... X509 security use our in house Cert Authority with teh CertSrv wizard. ... I have not found any good documentation on what type of certificates ... (microsoft.public.dotnet.framework.webservices.enhancements) Re: selfcert and new image or pc ... G'day "prisma", ... including CPU serial numbers and OS install keys. ... and you minimize your need for new certificates. ... When I get a new computer my signature is lost and I ... (microsoft.public.office.developer.vba) Re: selfcert and new image or pc ... G'day "prisma", ... including CPU serial numbers and OS install keys. ... and you minimize your need for new certificates. ... When I get a new computer my signature is lost and I ... (microsoft.public.word.vba.customization) Re: Certificate attributes for Smart Card Logon ... signature but also email encryption! ... If you enable the Smart Card Logon, Client Authentication, and Secure ... controllers each already have their own certificates. ... (microsoft.public.windows.server.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(13)