Re: Vista Certificate Enrollment api

Please follow these instructions to collect a log file. The log is a text file which contains information about failure codes from various function calls, and names of templates, CAs and CSPs.

certutil -setreg Enroll\debug 0xffffffe3
restart the enrolling process and repro the failure
certutil -delreg Enroll\debug
Provide the log file in %windir%\certenroll.log or %userprofile%\certenroll.log


"Mark Mullane" <mark_mullane@xxxxxxxxxxx> wrote in message news:#6eUEwqSHHA.1600@xxxxxxxxxxxxxxxxxxxxxxx
Hi:

The error is still CERT_E_UNTRUSTED_ROOT, (even when "AllowUntrustedRoot" is specified.)
I am calling this from within a Windows service.

Thanks in advance.

Mark M.

"Haitao Li" <lht1999 [at] hotmail.com> wrote in message news:34D89F93-C430-469A-9FCF-AAD7040409A5@xxxxxxxxxxxxxxxx
What error did InstallResponse return when AllowUntrustedRoot is passed in?
Are you calling the API in web script?

"Mark Mullane" <mark_mullane@xxxxxxxxxxx> wrote in message news:ufRj4qVSHHA.4188@xxxxxxxxxxxxxxxxxxxxxxx
Hi,

I'm using the new Certificate Enrollment API in Vista to enroll certificates
(signed by a custom CA) on Vista clients, along the lines given in the SDK
Certificate Enrollment Sample.

I have successfully generated a private key and CSR , sent the CSR to the CA
and received back the response (certificate chain).

My problem comes when I attempt to use the IX509Enrollment interface to
install the received certificate chain on the client machine (in
ContextMachine) I always get error CERT_E_UNTRUSTED_ROOT (0x800b0109). This
is not surprising as the root of the certificate chain returned by the CA is
of course untrusted. However the problem is that even when I set the
InstallResponseRestrictionFlags to "AllowUntrustedRoot" it still fails!

I have verified that if I separately install the Root CA cert alone then the
returned certificate chain installs with no problem. If the Root cert is not
there initially, then it appears that the "AllowUntrustedRoot" flag is
having NO effect.

This is happening on Vista RC2 and Vista Gold.

Any ideas?

Regards..........Mark M.





.

Relevant Pages

  • Re: Vista Certificate Enrollment api
    ... What error did InstallResponse return when AllowUntrustedRoot is passed in? ... I'm using the new Certificate Enrollment API in Vista to enroll certificates ... is not surprising as the root of the certificate chain returned by the CA is ... I have verified that if I separately install the Root CA cert alone then the ...
    (microsoft.public.platformsdk.security)
  • certificate revoked problem while installing dotnet 2.0 framework
    ... I looked again in the log file ... I looked at the files certificate and there is a remark about it: ... Does any one know what should I do in order to install DotNet Framework ...
    (microsoft.public.dotnet.framework.setup)
  • certificate revoked problem while installing dotnet 2.0 framework
    ... I looked again in the log file ... I looked at the files certificate and there is a remark about it: ... Does any one know what should I do in order to install DotNet Framework ...
    (microsoft.public.dotnet.framework)
  • Re: Problems with SSL Cert
    ... If, after receiving the error message, they continue on to the site they can ... certificate with an option to let it automatically decide the location to ... My understanding was this process would install the certificate so that the ... the link "Download a CA certificate, certificate chain, or CRL" followed by ...
    (microsoft.public.exchange.clients)
  • Re: Vista Certificate Enrollment api
    ... I'm using the new Certificate Enrollment API in Vista to enroll ... Certificate Enrollment Sample. ... is not surprising as the root of the certificate chain returned by the CA ... I have verified that if I separately install the Root CA cert alone then ...
    (microsoft.public.platformsdk.security)