We use clntrust.exe to authentication user with single sign on.

In the event clntrust.exe has lost itself on the client we also use the
web login.

are there any problems with this on the Vista operating system, for
example the certificates or anything else.

Might like to clarify clntrust.exe works fine.. its the web login that
I'm asking about.

JollyJohny;1675013 Wrote:
> Might like to clarify clntrust.exe works fine.. its the web login that
> I'm asking about.

yes, certificate that is assigned to the BM server (in proxy
configuration)
Either IP or DNS
If issued by not trusted CA (which is not imported onto local machine)
then users will get an error

Seb


--
spgsitsupport
------------------------------------------------------------------------
spgsitsupport's Profile: http://forums.novell.com/member.php?userid=2356
View this thread: http://forums.novell.com/showthread.php?t=349987

spgsitsupport wrote:
> JollyJohny;1675013 Wrote:
>> Might like to clarify clntrust.exe works fine.. its the web login that
>> I'm asking about.
>
> yes, certificate that is assigned to the BM server (in proxy
> configuration)
> Either IP or DNS
> If issued by not trusted CA (which is not imported onto local machine)
> then users will get an error
>
> Seb
>
>




How do I import it ? I've tried this with various other certificates
such as ZCM 10, and Netware certs for imanager. I have had very little
success.

When I export from Netware CA in Console One they are in DER format.

Internet explorer wants the cert in cer format.

I've used the following the convert deom der to cer.

http://www.novell.com/support/php/s...%200%2090860768

Incase site does not work:

1. Export the Self Signed Certificate from ConsoleOne.
a. Open CA object in O=Security
b. Select Certificates -> Self Signed Certificate
c. Do not export the private key.
d. Export the file in DER format; name it c:\RootCert.der

2. Convert .der format to .cer
a. On a Windows workstation double click the c:\RootCert.der and IE will
prompt to import the certificate.
b. Go to the details tab and press copy to file.
c. Follow the wizard until you get prompted to select the format.
Select DER endoded binary X.509 (.CER)
d. Put the file name in (example c:\newcert) and finish. The file will
be named c:\newcert.cer



Correct me if I am wrong anywhere.

When I attempt to import cer format certificate in Internet explorer.. I
assume this is where it needs to be done. I do it at the "Trusted Root
Certification Authority"

Then I attempt to access the SSL site using a certificate signed by this
CA and I still see the same certificate errors.

Any tips ?

JollyJohny;1675051 Wrote:
> spgsitsupport wrote:
> > JollyJohny;1675013 Wrote:
> >> Might like to clarify clntrust.exe works fine.. its the web login
> that
> >> I'm asking about.
> >
> > yes, certificate that is assigned to the BM server (in proxy
> > configuration)
> > Either IP or DNS
> > If issued by not trusted CA (which is not imported onto local
> machine)
> > then users will get an error
> >
> > Seb
> >
> >
>
> I always used IE 6 to do it. Go to site that has untrusted (your
> company own) CA certificate. Ignore the warning, double click on the
> padlock in bottom righ corner, Certification Path tab, chose CA top
> certificate/View/Install
>
> Once you have it on your workstation you can export it (it will do
> .cer) and then you can import on ALL the other workstations you need
> to.
>
> Or buy wildcard certificate from ie GoDaddy (cheap & chearful)
>
> Seb
>
>
>
>
>
> How do I import it ? I've tried this with various other certificates
> such as ZCM 10, and Netware certs for imanager. I have had very
> little
> success.
>
> When I export from Netware CA in Console One they are in DER format.
>
> Internet explorer wants the cert in cer format.
>
> I've used the following the convert deom der to cer.
>
> '10099634: How to convert a certificate from .der to .cer.'
> (http://tinyurl.com/5tuu32)
>
> Incase site does not work:
>
> 1. Export the Self Signed Certificate from ConsoleOne.
> a. Open CA object in O=Security
> b. Select Certificates -> Self Signed Certificate
> c. Do not export the private key.
> d. Export the file in DER format; name it c:\RootCert.der
>
> 2. Convert .der format to .cer
> a. On a Windows workstation double click the c:\RootCert.der and IE
> will
> prompt to import the certificate.
> b. Go to the details tab and press copy to file.
> c. Follow the wizard until you get prompted to select the format.
> Select DER endoded binary X.509 (.CER)
> d. Put the file name in (example c:\newcert) and finish. The file
> will
> be named c:\newcert.cer
>
>
>
> Correct me if I am wrong anywhere.
>
> When I attempt to import cer format certificate in Internet explorer..
> I
> assume this is where it needs to be done. I do it at the "Trusted
> Root
> Certification Authority"
>
> Then I attempt to access the SSL site using a certificate signed by
> this
> CA and I still see the same certificate errors.
>
> Any tips ?


--
spgsitsupport
------------------------------------------------------------------------
spgsitsupport's Profile: http://forums.novell.com/member.php?userid=2356
View this thread: http://forums.novell.com/showthread.php?t=349987