Re: Validity period of certificates is not accepted anymore
From: Sebastian Rieger (sebastian.rieger_at_gwdg.de)
Date: 11/25/04
- Next message: Neil Griffiths: "GINA DLL WlxStartApplication pszCmdLine"
- Previous message: David Cross [MS]: "Re: How to use my own algrithum in S/MIME of Outlook Express?"
- In reply to: David Cross [MS]: "Re: Validity period of certificates is not accepted anymore"
- Next in thread: David Cross [MS]: "Re: Validity period of certificates is not accepted anymore"
- Reply: David Cross [MS]: "Re: Validity period of certificates is not accepted anymore"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 25 Nov 2004 14:59:22 +0100
David Cross [MS] wrote:
> The CA policy module will always truncate the validity of an issued cert to
> be within the lifetime of its own validity period. You must renew the CA
> with a longer lifetime to avoid this.
>
Thanks for your help! The feature of reducing the lifetime of a
certificate is great! I renewed the CA certificate though, to avoid
having users register their certificate a short time before the CA
certificate expires. I've got two valid CA certificates now (same key,
different lifetime) which seems to work fine even with the CRL etc.
Thanks to you I now know that there seems to be no registry key or the
like to avoid the lifetime from being cut down.
I've got a new problem now, though! The lifetime of the certificate is
accepted (or shortened) by the policy module, but it states that there
are no SMIME capability extensions set. There used to be an extension
for this, but right now Netscape / Mozilla requests lack it.
The policy module rejects all requests of our users, complaining about
the lacking extension (0x80094805 (-2146875387)). I couldn't find
anything in TechNet or on the Microsoft webpage.
Strange thing is, requests sent in by an Internet Explorer are accepted
by the policy module. They ought to be constructed on the client side,
using Xenroll.dll, right? Selecting them from the pending request list,
and showing their extension works (the extensions contain the four
encryption types of SMIME capabilities, which are also set in the
defaultSMIME registry key).
Any help would (again) be greatly appreciated! Thanks again, for your
advice!
Sebastian Rieger