Re: How do we get the private key to do digital signature?

<antonyliu2002@xxxxxxxxx> wrote in message
On Apr 9, 3:48 pm, "Mitch Gallant" <jensig...@xxxxxxxxxxxxxxxx> wrote:
My existing client side script in VBScript can already send the
selected cert successfully to my web application. I will post the
script when I have access to my work station later today, so that you
can see how the selected cert is sent.

Maybe it is possible to modify the existing script in such a way that
I can get to know which cert has been selected.

AL

For right now, my web application knows whose cert was submitted after
it parses the intercepted cert. I wish I could do this on the client

I don't think you can intercept the IE cert-selection dialog if IE
the SSL session with the server and invokes the client-authorization
cert-selection process. As I said earlier, you'd have to invoke the SSL
session from vbs itself and then select the cert and pass to SSL
that way.

- Mitch

Hmm, it looks like you are right.

I just checked the source code of the Login HTML page and there is
nothing special there!

Look, this is the source code screen snapshot:

And this is how this web form appears in IE:

And the source code in plain text (nothing special!)

<form action=""
method="post" name="bankloginform" id="bankloginform" onSubmit="return
emailCheck( &&

<p>Please login using your email address and the password you
supplied the time
you signed up with the bank.
<p>Please note that you need a valid certificate to login. If you do
not have
a certificate yet, you can apply one for free right now.
<p>Your browser never knows if your certificate is revoked, but we
do know.
So, if your certificate has been revoked, you won't be able to
<table width="39%" border="0">
<td width="21%" height="26"> <p align="right">e-mail:</td>
<td width="79%"><input name="email" type="text" id="email"
<td rowspan="2" valign="top"><div align="right">Password:</div></
<td><input name="password" type="password" id="password"
size="48" maxlength="48"></td>
<td><input name=login type=submit id="login2" value="Login"></

OK, let's turn back to your suggestion: you'd have to invoke the SSL
session from vbs itself and then select the cert and pass to SSL
negotiation that way.

How do we invoke SSL from vbs? I have never done this.


OK first of all, I'll reiterate that I have been able to do this from a
standalone .NET 1.1 client using basic code like this:
--------- .NET 1.1 snippet to connect to SSL server requiring
client-certificate authentication -----
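// Load the client certificate from a file.
X509Certificate jscert = X509Certificate.CreateFromCertFile(certfile);
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(url);
// Attach the certificate so it is offered during the SSL handshake.
req.ClientCertificates.Add(jscert);
HttpWebResponse resp = (HttpWebResponse)req.GetResponse();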
and with .NET 2, you can use all the support for searching and finding
certificates (so you wouldn't need to use CAPICOM from .NET).

I think that you could use the WinHttpRequest COM object like so:

--- VBScript sample to connect to SSL server requiring client-cert
authentication --------
Dim HttpReq
' Instantiate the WinHTTPRequest ActiveX Object.
Set HttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")

' Open an HTTP connection.
HttpReq.Open "GET", "https://somesecureurl/", False

'Select a client certificate.
HttpReq.SetClientCertificate "LOCAL_MACHINE\Personal\My Middle-Tier

' Send the HTTP Request.
HttpReq.Send

check out MSDN docs on WinHttpRequest COM object (part of Windows HTTP
Services) at:

- Mitch
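
The .NET 2 route mentioned above, as an added example that is not part of the original post: the client looks up the certificate in the current user's Personal store itself, so it knows which certificate it presents before the SSL handshake. The class and method names are hypothetical, and the URL and subject name are assumed to be passed on the command line.

```csharp
using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;

class ClientCertRequest   // hypothetical name, not from the thread
{
    // Return the first valid certificate with a private key whose subject
    // contains subjectName, from the CurrentUser\My (Personal) store.
    static X509Certificate2 FindClientCert(string subjectName)
    {
        X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        try
        {
            // validOnly = true keeps only certificates that pass validation
            // (for example, expired ones are dropped).
            X509Certificate2Collection hits = store.Certificates.Find(
                X509FindType.FindBySubjectName, subjectName, true);
            foreach (X509Certificate2 cert in hits)
            {
                // Client authentication needs the matching private key.
                if (cert.HasPrivateKey) return cert;
            }
            return null;
        }
        finally { store.Close(); }
    }

    static int Main(string[] args)
    {
        if (args.Length != 2)
        {
            Console.Error.WriteLine("usage: ClientCertRequest <https-url> <subject-name>");
            return 2;
        }
        X509Certificate2 cert = FindClientCert(args[1]);
        if (cert == null)
        {
            Console.Error.WriteLine("No usable client certificate found.");
            return 1;
        }
        // The client side now knows exactly which certificate is presented.
        Console.WriteLine("Presenting {0} (thumbprint {1})", cert.Subject, cert.Thumbprint);

        HttpWebRequest req = (HttpWebRequest)WebRequest.Create(args[0]);
        req.ClientCertificates.Add(cert);   // offered during the SSL handshake
        using (HttpWebResponse resp = (HttpWebResponse)req.GetResponse())
        {
            Console.WriteLine("Server replied: {0}", (int)resp.StatusCode);
        }
        return 0;
    }
}
```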