Client-Cert doesn't shown in selection when SSL-login



Hi all!
I have a client-certificate created with our CA on a windows2003 server standard edition with the "user-template".
The problem is, that this certificate is not shown in the certificate-selection when i try to establish an SSL connection with client-auth.
The certificate is installed in the local user-certificate-store.
Other certificates, such as my private Thawte-Certificates are shown.
This problem occurs also with Firefox.
What do I have to configure, that I can use certificats of our CA with SSL-client-auth?

Have anyone an idea or solution for this problem?

Thanx
Pat

Following there is a dump of this certificate:

Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1e:d4:20:a4:00:00:00:00:01:c6
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=de, O=xxx, OU=test, CN=CA 0
Validity
Not Before: Jun 30 12:13:20 2008 GMT
Not After : Jun 30 12:13:20 2009 GMT
Subject: DC=de, DC=xxx, DC=test, CN=Users, CN=Administ
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:a6:22:cd:73:47:94:a0:67:67:48:ea:2b:35:02
bd:a4:2e:aa:7c:e6:95:2d:fc:48:af:97:f7:e1:cf
46:9b:eb:7c:28:94:d0:aa:f9:7c:7c:4a:fd:05:3f
e4:95:1d:9e:7a:be:db:00:58:70:55:5e:54:38:f5
1c:b1:7c:ce:2a:25:c8:14:b4:67:d1:4b:8a:24:63
26:e6:87:ca:0d:03:6c:72:24:9e:5f:d5:79:de:f6
97:20:cc:44:11:87:6f:5e:d0:ca:bb:d7:0f:b0:9e
64:9c:f2:fa:f0:65:e7:bf:8b:0a:6d:7c:c4:5b:97
20:ea:18:99:eb:b9:64:1b:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage:
Digital Signature, Key Encipherment
S/MIME Capabilities:
.......0...+....0050...*.H..
...*.H..
X509v3 Subject Key Identifier:
EE:F0:5F:EF:E0:2C:14:01:30:8C:17:83:22:AE:54:E4:
1.3.6.1.4.1.311.20.2:
...U.s.e.r
X509v3 Authority Key Identifier:
keyid:55:10:1A:80:D2:25:10:04:04:22:13:1B:5B:FE:
1

X509v3 CRL Distribution Points:
URI:ldap:///CN=CA%200,CN=xxx-7zjm60,CN=CDP,
20Services,CN=Services,CN=Configuration,DC=test,DC=xxx,DC=de?c
tionList?base?objectClass=cRLDistributionPoint
URI:http://xxx.test.xxx.de/CertEnr

Authority Information Access:
CA Issuers - URI:ldap:///CN=CA%200,CN=AIA,CN=Pub
ices,CN=Services,CN=Configuration,DC=test,DC=xxx,DC=de?cACerti
ctClass=certificationAuthority
CA Issuers - URI:http://xxx.test.xxx
/xxx.test.xxx.de_CA%200.crt

X509v3 Extended Key Usage:
Microsoft Encrypted File System, E-mail Protecti
nt Authentication
X509v3 Subject Alternative Name:
othername:<unsupported>
Signature Algorithm: sha1WithRSAEncryption
0d:f1:58:49:f3:33:8c:a5:9d:c6:5c:9d:7c:89:9f:f4:66:3e:
72:cf:3e:f5:18:74:1f:1b:b9:23:1f:a1:01:dc:83:82:74:4f:
c5:fc:54:e4:ad:73:38:01:f7:ad:39:d2:9c:d3:53:75:0e:8f:
c8:64:27:24:34:ee:6a:60:2e:8a:7c:8b:d6:e0:21:6a:92:13:
7f:0e:71:8c:e1:e6:76:36:ef:35:8e:24:a7:42:96:ad:51:8b:
ef:24:e4:19:28:4b:a2:0c:69:ab:47:a8:eb:8e:e5:c9:a9:32:
eb:68:d5:0b:72:19:e9:21:b5:aa:32:62:e0:c3:6e:41:ef:31:
54:8b:55:cd:10:da:27:ba:a0:a3:a0:73:35:d0:3c:93:58:82:
ea:3d:52:18:c7:06:c5:40:ef:77:8d:33:54:78:b5:0c:6f:31:
ea:4e:81:42:ba:40:e9:bb:4e:52:42:6e:d5:cd:35:6b:e5:1a:
f4:1a:89:3a:ca:b0:8e:9e:56:a3:78:53:52:76:3d:45:5a:f6:
d5:aa:38:d5:7e:12:df:02:93:0a:0f:3b:34:6c:34:7b:50:8b:
b2:6d:74:f2:6f:63:82:6a:6f:7f:7d:d2:c3:56:7b:dc:11:e9:
dd:5c:3a:1c:84:65:4c:2b:a8:22:a9:7c:ff:d7:02:87:cd:a8:
62:01:12:37
-----BEGIN CERTIFICATE-----
MIIF/jCCBOagAwIBAgIKHtQgpAAAAAABxjANBgkqhkiG9w0BAQUFADA7MQswCQYD
VQQGEwJkZTEOMAwGA1UEChMFa3RtYW4xDTALBgNVBAsTBHRlc3QxDTALBgNVBAMT
BENBIDAwHhcNMDgwNjMwMTIxMzIwWhcNMDkwNjMwMTIxMzIwWjBuMRIwEAYKCZIm
iZPyLGQBGRYCZGUxFTATBgoJkiaJk/IsZAEZFgVrdG1hbjEUMBIGCgmSJomT8ixk
ARkWBHRlc3QxDjAMBgNVBAMTBVVzZXJzMRswGQYDVQQDExJBZG1pbmlzdHJhdG9y
IENlcnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKYizXNHlKBnZ0jqKzUC
vaQuqnzmlS38SK+X9+HPRpvrfCiU0Kr5fHxK/QU/5JUdnnq+2wBYcFVeVDj1HLF8
ziolyBS0Z9FLiiRjJuaHyg0DbHIknl/Ved72lyDMRBGHb17QyrvXD7CeZJzy+vBl
57+LCm18xFuXIOoYmeu5ZBsdAgMBAAGjggNTMIIDTzALBgNVHQ8EBAMCBaAwRAYJ
KoZIhvcNAQkPBDcwNTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCAMAcG
BSsOAwIHMAoGCCqGSIb3DQMHMB0GA1UdDgQWBBTu8F/v4CwUATCMF4MirlTkCtJM
RTAXBgkrBgEEAYI3FAIECh4IAFUAcwBlAHIwHwYDVR0jBBgwFoAUVRAagNIlEAQE
IhMbW/7nx9yVyqEwggEPBgNVHR8EggEGMIIBAjCB/6CB/KCB+YaBumxkYXA6Ly8v
Q049Q0ElMjAwLENOPXRva2VubWFuLTd6am02MCxDTj1DRFAsQ049UHVibGljJTIw
S2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz10
ZXN0LERDPWt0bWFuLERDPWRlP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3Q/YmFz
ZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRpb25Qb2ludIY6aHR0cDovL3Rva2Vu
bWFuLTd6am02MC50ZXN0Lmt0bWFuLmRlL0NlcnRFbnJvbGwvQ0ElMjAwLmNybDCC
ASUGCCsGAQUFBwEBBIIBFzCCARMwgaoGCCsGAQUFBzAChoGdbGRhcDovLy9DTj1D
QSUyMDAsQ049QUlBLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZp
Y2VzLENOPUNvbmZpZ3VyYXRpb24sREM9dGVzdCxEQz1rdG1hbixEQz1kZT9jQUNl
cnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlmaWNhdGlvbkF1dGhvcml0
eTBkBggrBgEFBQcwAoZYaHR0cDovL3Rva2VubWFuLTd6am02MC50ZXN0Lmt0bWFu
LmRlL0NlcnRFbnJvbGwvdG9rZW5tYW4tN3pqbTYwLnRlc3Qua3RtYW4uZGVfQ0El
MjAwLmNydDApBgNVHSUEIjAgBgorBgEEAYI3CgMEBggrBgEFBQcDBAYIKwYBBQUH
AwIwOgYDVR0RBDMwMaAvBgorBgEEAYI3FAIDoCEMH0FkbWluaXN0cmF0b3JDZXJ0
QHRlc3Qua3RtYW4uZGUwDQYJKoZIhvcNAQEFBQADggEBAA3xWEnzM4ylncZcnXyJ
n/RmPnLPPvUYdB8buSMfoQHcg4J0T8X8VOStczgB96050pzTU3UOj8hkJyQ07mpg
Lop8i9bgIWqSE38OcYzh5nY27zWOJKdClq1Ri+8k5BkoS6IMaatHqOuO5cmpMuto
1QtyGekhtaoyYuDDbkHvMVSLVc0Q2ie6oKOgczXQPJNYguo9UhjHBsVA73eNM1R4
tQxvMepOgUK6QOm7TlJCbtXNNWvlGvQaiTrKsI6eVqN4U1J2PUVa9tWqONV+Et8C
kwoPOzRsNHtQi7JtdPJvY4Jqb3990sNWe9wR6d1cOhyEZUwrqCKpfP/XAofNqGIB
Ejc=
-----END CERTIFICATE-----
.



Relevant Pages

  • certificate extension
    ... I have a problem in retaining the X509 extension in the end certificate which will be submitted to kdc. ... Subject Public Key Info: ... Signature Algorithm: sha1WithRSAEncryption ...
    (comp.protocols.kerberos)
  • Re: certificate extension
    ... I have a problem in retaining the X509 extension in the end certificate which will be submitted to kdc. ... Subject Public Key Info: ... Signature Algorithm: sha1WithRSAEncryption ...
    (comp.protocols.kerberos)
  • Re: certificate verify failed
    ... Signature Algorithm: sha1WithRSAEncryption ... Subject Public Key Info: ... Here am not sure whether the certificate is signed or not.. ...
    (comp.lang.ruby)
  • Re: What is a Certificate?
    ... a certificate is a public key which may or may not be signed ... To be a _certificate_ it must be signed. ... Specification of signature algorithm ... Signature of TBSCertificate ...
    (comp.security.misc)
  • Re: [Full-disclosure] Firefox 2.0.x: tracking unsuspecting users using TLS client certificates
    ... Do you presume that the websites in the domains that you intend ... to track users will install the self-signed CA certificate that ... issued the client-certificate to the unsuspecting user? ... how will the browser know which client certificate to send to ...
    (Full-Disclosure)