Re: DCOM & CryptoAPI
From: Cuppens Peter (peter.cuppens_at_impactec.net)
Date: 09/10/03
Date: Wed, 10 Sep 2003 21:43:07 GMT
Tx Valery,
How exactly do I install a certificate as a machine certificate? I tried to
install the certificate as a "machine certificate" by means of IE, selecting
the different containers and within those the "local machine" option, but
that did not work.
Peter
"Valery Pryamikov" <Valery.Pryamikov@nospam.sm.siemens.no> wrote in message
news:egFtsU7cDHA.3948@TK2MSFTNGP11.phx.gbl...
> Hi,
> Your problem is that you are trying to use "User" certificates in your DCOM
> program, but only "Machine" certificates could be reliably used by logon as
> batch job type logon (Logon As Batch job doesn't load hive, but this is
> where registry certstore resides).
> Additionally you have to make sure that account that you are using for DCOM
> LaunchAs has write permission on corresponding key container file for having
> access to the private key (see: Documents and Settings\All Users\Application
> Data\Microsoft\Crypto\RSA\MachineKeys).
> And remove that account from local administrators group - non-privileged
> account will be quite enough for this purpose.
>
> -Valery.
>
> "Cuppens Peter" <peter.cuppens@impactec.net> wrote in message
> news:2u_5b.2030$QS3.149534@phobos.telenet-ops.be...
> > Hi,
> >
> > we wrote a DCOM component that handles file concatenation and 3DES - RSA
> > decryption based on certificates. When we create (via createobject) the
> > component, everything works perfectly on a local machine; when we create the
> > object while it resides on a remote machine the decryption part fails but
> > all other tasks run without problems.
> >
> > We configured the remote machine such that the account used on the DCOMCNFG
> > identity tab is the same as the one used for installation of the
> > certificates. To make sure that sufficient rights exist we made that account
> > a member of the local administrators.
> >
> > If the account mentioned is logged on locally to the remote machine
> > everything including the decryption functions works. If we log off during
> > the decryption, that decryption cycle is ended with success but the next one
> > will not work. If no user or any other user is logged on locally into the
> > remote machine then the decryption part of the component fails.
> >
> > When the component fails we receive an error 0x80092004. In the past I also
> > received this error when certificates were installed with a different
> > browser version.
> >
> > The remote platform is an NT2000 Server servicepack 3 machine.
> >
> > Do we need specific settings or verification when CryptoAPI is embedded in a
> > DCOM component?
> >
> >
> > Tx.
> >
> >
> >
>
>
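Added example, not part of the original thread or either poster's code: a Windows PowerShell check of the two conditions in Valery's reply, that the certificate sits in the LocalMachine store and that the DCOM identity has an ACL entry on the key container file under MachineKeys. It assumes Windows PowerShell 5.1 run elevated, a key held by a legacy CryptoAPI provider, the present-day ProgramData location of the MachineKeys folder, and caller-supplied thumbprint and account values.

```powershell
# Added example, not from the thread. Assumes Windows PowerShell 5.1, an elevated
# prompt, and a private key held by a legacy CryptoAPI CSP (not CNG).
param(
    [Parameter(Mandatory)] [string] $Thumbprint,  # certificate to check (caller-supplied)
    [Parameter(Mandatory)] [string] $Account,     # DCOM identity, e.g. 'SERVER01\svc-dcom' (made-up name)
    # Current location of the MachineKeys folder the reply points to (assumption).
    [string] $MachineKeysDir = (Join-Path $env:ProgramData 'Microsoft\Crypto\RSA\MachineKeys')
)

$tp = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()

# 1. The certificate must be in the machine store; the user store lives in a
#    registry hive that is not loaded for a batch logon.
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $tp } | Select-Object -First 1
if (-not $cert) {
    $user = Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.Thumbprint -eq $tp }
    if ($user) { Write-Warning "Found only in CurrentUser\My: usable only while that user's profile is loaded." }
    else       { Write-Warning "Certificate $tp not found in LocalMachine\My or CurrentUser\My." }
    return
}
if (-not $cert.HasPrivateKey) { Write-Warning 'Certificate has no associated private key.'; return }

# 2. Resolve the key container behind the certificate.
try   { $rsa = $cert.PrivateKey -as [System.Security.Cryptography.RSACryptoServiceProvider] }
catch { $rsa = $null }
if (-not $rsa) { Write-Warning 'Private key is not a CryptoAPI RSA key readable by this process.'; return }
$info = $rsa.CspKeyContainerInfo
if (-not $info.MachineKeyStore) { Write-Warning 'Key container is per-user, not machine-wide.'; return }

# 3. List the ACL entries the DCOM identity holds on the key container file.
$keyFile = Join-Path $MachineKeysDir $info.UniqueKeyContainerName
if (-not (Test-Path -LiteralPath $keyFile)) { Write-Warning "Key file not found: $keyFile"; return }
$aces = (Get-Acl -LiteralPath $keyFile).Access | Where-Object { $_.IdentityReference.Value -eq $Account }

[pscustomobject]@{
    Subject     = $cert.Subject
    KeyFile     = $keyFile
    Account     = $Account
    AccountAces = @($aces | ForEach-Object { "$($_.AccessControlType): $($_.FileSystemRights)" })
    HasExplicit = [bool]$aces
}
```

Only ACL entries that name the account directly are listed; rights granted through group membership are not resolved.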