Re: Automatic IE6 Selection of Client Certificate

From: Tim Taylor (tim.taylor_at_dfas.mil)
Date: 06/10/04 

Date: Thu, 10 Jun 2004 14:25:44 -0700

Unfortunately, the certificates have the same root. I had
considered your suggestion first.

Any other suggestion?

regards,
tt

>-----Original Message-----
>There may be a simple solution. Do all the users have
certs that chain to
>the same root CA? If not, why not restrict the SSL web
server to a smaller
>set of trusted roots so that the user does not have
multiple certs that
>chain to the same set of trusted roots on the SSL web
server. then set IE
>to automatically select the cert when only one cert is
valid... this should
>simplify the experience.
>
>--
>
>
>David B. Cross [MS]
>
>--
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>
>http://support.microsoft.com
>
>"Tim K. Taylor" <tim.taylor@dfas.mil> wrote in message
>news:217201c44e42$822027d0$3501280a@phx.gbl...
>> We have SSL enabled web applications that require client
>> authentication. All of my users have more than one
>> certificate. However, these are end users and they are
>> generally confused by even the notion of certificates, let
>> alone which one they should select.
>>
>> I would like to relieve the users of the burden of
>> selection by automatically selecting the appropriate cert
>> and avoiding the appearance of the client certificate
>> dialog box.
>>
>> How can I extend(?) IE6 to accomplish this?
>>
>> Is is possible to develop and install a dll plug-in or
>> something that calls the necessary Win32 Crypto APIs to
>> select a specific cert?
>>
>> I expect it does not matter to CAPI, but note that the
>> certificates reside on a smartcard.
>>
>> regards,
>> tt
>
>
>.
>

Relevant Pages

  • Re: cert authority
    ... Open the certificates console for your user and check Trusted Root ... Now that I moved it into my 2k AD, it doesn't seem to trust the cert. ...
    (microsoft.public.win2000.active_directory)
  • Re: adding CA certs
    ... and in fact I see it in the listed in the root ... Certificates, however, I think I need to have it added to ... my desktop, and go to our CA cert installation page, we ... can install from the browser. ...
    (microsoft.public.pocketpc)
  • Re: EAP-TLS CA Authentication issue
    ... enterprise CA you need to register it with the AD domain as a trusted root ... I have a 2003 IAS server running on a system with a 2003 standalone ... I have installed certificates on both the IAS server ... CA snapin and see the Cert in the local machine personal certs store ...
    (microsoft.public.internet.radius)
  • Re: IAS EAP-TLS Certificate Error
    ... The root CA cert has not been renewed. ... windows 2000 certutil. ... Your best course of action is to test the certificates by ...
    (microsoft.public.de.security.netzwerk.sicherheit)
  • Re: IAS EAP-TLS Certificate Error
    ... The root CA cert has not been renewed. ... windows 2000 certutil. ... Your best course of action is to test the certificates by ...
    (microsoft.public.win2000.ras_routing)
Quantcast