Solved

Imported Certificate Problems - signing data with your private exchange key

Posted on 2004-08-04
5
1,493 Views
Last Modified: 2013-12-04
Hi,

We have a website that requires certificates.  We have imported the certificate onto our system (windows 2000 SP4) at a client site (not within our domain).  When the user gets in to use the application, the application works but they receive continuous messages (depending on what we do within the application), with a window titled Private Key Container and is an informational window stating 'signing data with your private exchange key' but does not ask for a password.  We did have two certificates for the same site on the system, but have since removed one eventhough it did ask us which one we wanted to use for the site.

We have reviewed security settings for the internet, SSL on the web server but have not found the culprit.  We still have not tested it on another system at the client site, that is happening later this week.

If anyone understands why we are receiveing this informational window we would greatly appreciate the feedback.

Thanks

0
Comment
Question by:spinewr
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 7

Expert Comment

by:msice
ID: 11716926
You need to make sure the cert is configured for the url you are using.
0
 

Author Comment

by:spinewr
ID: 11717058
Thanks for the info.  
The cert is an actual working one for the application.  It was exported and emailed to the client.  The client imported it and here we are with this problem.  I wish I was more familiar with configuring certs for urls, but I am not.  Is there a way to check and make sure it is configured for the url?  Or is there a way to check to see if it is corrupt?

Both of these answers could narrow down the hunt!

Thanks,
spinewr
0
 
LVL 7

Expert Comment

by:msice
ID: 11717120
When you or verisign build the certificate you have to enter the url (or give it to them) of the site exactly so if its http://xxx.xxxxx.com that’s what you have to enter.
0
 

Author Comment

by:spinewr
ID: 11720067
Yes, after checking this out it was done correctly.  Can anyone answer my other question?  How can you tell you have a corrupt cert.  The problem may just be on one pc and not all over.  The problem is I need to have the certificate reissued or export the certificate onto the next box, but I can't tell if the certificate I am using is ok or not.  I am also a long way from home so I can't test this exported cert on a box I know normally works.

Any help would be great!
0
 
LVL 34

Accepted Solution

by:
Dave_Dietz earned 250 total points
ID: 11726415
This is default behavior for a Personal Certificate that has been set to use Medium Security when imported.  If it was set to High you would be prompted for a password every time the certificate was accessed.

The URL has nothing to do with it - that requirement is for SSL Cewrtificates, not for Personal (Client) Certificates. (Additionally, if you include the http:// in the common name of the certificate it will not function properly since that is not part of the Host field in a standard HTTP/1.1 compliant request)

If your certificate was corrupt you would likely not even get to the point of being told it was being used.  To make sure you could try sending an encrypted or digitally signed message to yourself.  If you can read it properly your certificate is fine.

Hope this helps.

Dave Dietz

0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Explore the encryption capabilities built into Google Apps and how these features can help you meet privacy policy and regulatory compliance, but are not a full solution. Understand and compare the most popular email encryption services for Google A…
Worried about if Apple can protect your documents, photos, and everything else that gets stored in iCloud? Read on to find out what Apple really uses to make things secure.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question