SEC_E_UNTRUSTED_ROOT

From: John_L_S (John_L_S_at_discussions.microsoft.com)
Date: 05/19/05

    Date: Thu, 19 May 2005 12:28:05 -0700
    
    

    I am new to certificates and having difficulty understanding the
    implementation. I am adapting a network application to use SSL. Just for
    clarification this is not web-based. Just a server and client that exchange
    data over TCP/IP. To test my application I have set up a Windows 2000 server
    with a stand-alone CA and using certutil I created a certificate for my
    application. I have got my application to work when both the server
    application and client application are running on the same Windows server. I
    am now trying to run my client on another Windows server (just in case it is
    relevant this one has Windows 2003/SP1). When my client connects to my
    server on the first Windows server, the initial exchange in each direction
    goes fine, but when my client tries to "InitializeSecurityContext" on the
    second iteration it receives a SEC_E_UNTRUSTED_ROOT error. After searching
    MS doc/MSDN and newsgroups, it seemed I needed to import from my stand-alone
    CA. So using the web-based interface "http://>/certsrv" I first
    tried to "download" the path, but same result. I next downloaded the CA
    certificate and then "imported" it and still the same result. Can someone
    help me out? What am I missing? Also, FYI, I am using the "stand-alone" for
    what I think is a simple and controllable test bed for me to familiarize
    myself with certificate handling as it applies to my SSL work and to shake
    out the bugs in my application. Thanks for any comments.

