Trust model- Exporting keys & "Error during CryptAcquireContext"
From: Neil Crump (neilcrump_at_hotmail.com)
Date: 10/26/04
- Next message: Dale Ziebarth: "ActiveSync"
- Previous message: Ringwood: "Re: Cannot access cf-card (atadisk)"
- Messages sorted by: [ date ] [ thread ]
Date: 26 Oct 2004 08:24:01 -0700
Hi,
I've recently enabled the trust model in our Platform Builder 4.2
project, and while it's working to a point, I'm unable to export my
certificates/keys and use them on another PC.
I'm currently generating working keys like this:
makecert -pe -sk MyKey -ss MyStore -e 01/01/2504 -n "E =
mail@client.com,CN = client,O = Client Ltd,C = UK" -eku
1.3.6.1.5.5.7.3.3 -a sha1 MyKey.cer
I've also successfully used Certificate Services from our Windows 2003
server, as long as I select 'specify container name', those keys work
too.
However, if I then export those certificates, they just won't work on
any other system.
Similarly, if I run:
makecert -pe -sv MyKey.pvk -ss MyStore -e 01/01/2504 -n "E =
mail@client.com,CN = Client,O = Client Ltd,C = UK" -eku
1.3.6.1.5.5.7.3.3 -a sha1 MyKey.cer
... And then use pvkimprt to install the CER and PVK files, that also
fails.
I see an error message "Error 80090016 during CryptAcquireContext!"
when I run signfile on such a system.
It seems to me that the problem is to do with the way that the
"Container Name" is used. I think that both MakeCert and Cert.
Services assign a container name to your key when you use them as
shown above.
However, if you use .CER/.PVK/PFX files, this information is lost, so
although you've successfully imported the certificates, you can no
longer refer to the key by container name.
Can anyone confirm this, or better, suggest a solution?
Thanks in advance,
Neil.
- Next message: Dale Ziebarth: "ActiveSync"
- Previous message: Ringwood: "Re: Cannot access cf-card (atadisk)"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
