From: John_L_S (John_L_S_at_discussions.microsoft.com)
Date: Thu, 19 May 2005 12:28:05 -0700
I am new to certificates and having difficulty understanding the
implementation. I adapting a network application to use SSL Just for
clarification this is not web-based. Just a server and client that exchange
data over TCP/IP. To test my application I have set up a Windows 2000 server
with a stand-alone CA and using certutil I created a certificate for my
application. I have got my application to work when both the server
application and client application are running on the same Windows server. I
am now trying to run my client on another Windows server (just in case it is
relevant this one has Windows 2003/SP1). When my client connects to my
server on the first Windows server, the initial exchange in each direction
goes fine, but when my client tries to "InitializeSecurityContext" on the
second iteration it receives a SEC_E_UNTRUSTED_ROOT error. After searching
MS doc/MSDN and newgroups, it seemed I needed to import from my stand-alone
CA. So using the web-based interface "http://
tried to "download" the path, but same result. I next downloaded the CA
certificate and then "imported" it and still the same result. Can someone
help me out? What am I missing? Also, FYI, I am using the "stand-alone" for
what I think is a simple and controllable test bed for me to familiarize
myself with certificate handling as it applies to my SSL work and to shake
out the bugs in my application. Thanks for any comments.
... SSL only validates you are talking to a SSL certified server; ... They can simply edit the URL the client program ... can be done by using a X.509 certificate on both ends, ...
... I got the LDP working with LDAP server under server client authentication ... I did not installed the certificate in pfx format .. ... Client cert auth won't work without that. ...
... >> it possible for the middle man to intercept all messages from server to me ... > server sends client a signed message along with a digital certificate. ... > client generates a random secret key, ...
... On the SBS 2003 Server open the Server Management console. ... On the "Web Server Certificate" page, choose to create a new Web server ... Install the new certificate which created in above step on mobile device: ... Access to browse the Exchange Server 2003 client after you install ...
... order to detect we are connected to the wrong server (even though its SSL ... certificate is OK and valid by Verisign); we would need a client certificate. ... this can be detected by SSL/HTTPS client in ...