Ask a Question related to ASP.NET Security, Design and Development.
-
Curtis Justus #1
Valid Certificate Authority
Hi,
I need to verify that a certificate is coming from a valid certificate
authority. Does anybody know where I could obtain a list with that
information?
Thanks,
cj
Curtis Justus Guest
-
Win32::OLE and CAPICOM to find a certificate in certificate store will raise exception
Hi, I am trying to use win32::OLE to access certificate store via CAPICOM. If certificates in the store meet the searching criteria, the... -
Win2003 and NT AUTHORITY\NetworkService
We have an ASP.NET application on Win2003 box. This application runs under default user "NT AUTHORITY\NetworkService". We need to give right... -
Certificate Authority Server Service Stopped
My Certificate Authority Server Service Stopped and gets the following error message: Event ID: 42 Description: Certificate Services did not start:... -
Certificate Server and Windows XP - Cannot install certificate
Hello all, I would like to implement certificate server. I have installed the service on Win2003 server in standalone mode. I have created from... -
NT AUTHORITY\SYSTEM
Might be a Task Scheduler which invokes a shutdown command. Disable it. 1. Click Start > Programs > Accessories > System Tools > Task Scheduler |... -
Joe Kaplan \(MVP - ADSI\) #2 Re: Valid Certificate Authority
The certificate will be trusted based on the trusted root certificates
configured on the current machine. You can use the ICertificatePolicy class
that I mentioned before to determine whether the CA for the cert was not
trusted by examining the certificateProblem parameter in
CheckValidationResult. I found a decent blog posting that shows what the
values of the parameter can be (they are probably in the platform SDK
somewhere...):
[url]http://weblogs.asp.net/wim/archive/2004/04/02/106281.aspx[/url]
Joe K.
"Curtis Justus" <cjustus-nospam@ser.nospam.itis.com> wrote in message
news:ePvVDovTEHA.1548@TK2MSFTNGP11.phx.gbl...> Hi,
>
> I need to verify that a certificate is coming from a valid certificate
> authority. Does anybody know where I could obtain a list with that
> information?
>
> Thanks,
> cj
>
>
Joe Kaplan \(MVP - ADSI\) Guest
-
Harry Simpson #3 Re: Valid Certificate Authority
Using the SelfSSL internally (intranet) and the third check doesn't pass
since we created the cert.
Where does this code (CheckValidationResult) actually go in the web
application??
Harry
"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:eq6OqzwTEHA.3988@TK2MSFTNGP10.phx.gbl...class> The certificate will be trusted based on the trusted root certificates
> configured on the current machine. You can use the ICertificatePolicy> that I mentioned before to determine whether the CA for the cert was not
> trusted by examining the certificateProblem parameter in
> CheckValidationResult. I found a decent blog posting that shows what the
> values of the parameter can be (they are probably in the platform SDK
> somewhere...):
>
> [url]http://weblogs.asp.net/wim/archive/2004/04/02/106281.aspx[/url]
>
>
> Joe K.
>
> "Curtis Justus" <cjustus-nospam@ser.nospam.itis.com> wrote in message
> news:ePvVDovTEHA.1548@TK2MSFTNGP11.phx.gbl...>> > Hi,
> >
> > I need to verify that a certificate is coming from a valid certificate
> > authority. Does anybody know where I could obtain a list with that
> > information?
> >
> > Thanks,
> > cj
> >
> >
>
Harry Simpson Guest
-
Joe Kaplan \(MVP - ADSI\) #4 Re: Valid Certificate Authority
The code here shows how to create a class that implements
ICertificatePolicy:
[url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfSystemNetICertificatePolicyClassTopic.asp?fra me=true[/url]
To use it, you add a new instance of your class to the
ServicePointManager.CertificatePolicy property BEFORE you make any
WebRequests (or SOAP calls or anything else that wraps WebRequest).
[url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfSystemNetServicePointManagerClassCertificateP olicyTopic.asp?frame=true[/url]
Then, you can enforce your own certificate policy based on the rules you
code in your CheckValidationResult Method.
Joe K.
"Harry Simpson" <hssimpson@nospamphgt.net> wrote in message
news:OH7xojxTEHA.1472@TK2MSFTNGP12.phx.gbl...the> Using the SelfSSL internally (intranet) and the third check doesn't pass
> since we created the cert.
>
> Where does this code (CheckValidationResult) actually go in the web
> application??
>
> Harry
>
> "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
> in message news:eq6OqzwTEHA.3988@TK2MSFTNGP10.phx.gbl...> class> > The certificate will be trusted based on the trusted root certificates
> > configured on the current machine. You can use the ICertificatePolicy> > that I mentioned before to determine whether the CA for the cert was not
> > trusted by examining the certificateProblem parameter in
> > CheckValidationResult. I found a decent blog posting that shows what>> > values of the parameter can be (they are probably in the platform SDK
> > somewhere...):
> >
> > [url]http://weblogs.asp.net/wim/archive/2004/04/02/106281.aspx[/url]
> >
> >
> > Joe K.
> >
> > "Curtis Justus" <cjustus-nospam@ser.nospam.itis.com> wrote in message
> > news:ePvVDovTEHA.1548@TK2MSFTNGP11.phx.gbl...> >> > > Hi,
> > >
> > > I need to verify that a certificate is coming from a valid certificate
> > > authority. Does anybody know where I could obtain a list with that
> > > information?
> > >
> > > Thanks,
> > > cj
> > >
> > >
> >
>
Joe Kaplan \(MVP - ADSI\) Guest
-
Harry Simpson #5 Re: Valid Certificate Authority
Thanks Joe,
The code actually didn't work but it's probablky just me......
Was wondering where you put pre-request code in an ASP.NET app??
Harry
"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:O%236L97yTEHA.808@tk2msftngp13.phx.gbl...[url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfSystemNetICertificatePolicyClassTopic.asp?fra me=true[/url]> The code here shows how to create a class that implements
> ICertificatePolicy:
>[url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfSystemNetServicePointManagerClassCertificateP olicyTopic.asp?frame=true[/url]>
> To use it, you add a new instance of your class to the
> ServicePointManager.CertificatePolicy property BEFORE you make any
> WebRequests (or SOAP calls or anything else that wraps WebRequest).
>
>wrote>
> Then, you can enforce your own certificate policy based on the rules you
> code in your CheckValidationResult Method.
>
> Joe K.
>
> "Harry Simpson" <hssimpson@nospamphgt.net> wrote in message
> news:OH7xojxTEHA.1472@TK2MSFTNGP12.phx.gbl...> > Using the SelfSSL internally (intranet) and the third check doesn't pass
> > since we created the cert.
> >
> > Where does this code (CheckValidationResult) actually go in the web
> > application??
> >
> > Harry
> >
> > "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com>not> > in message news:eq6OqzwTEHA.3988@TK2MSFTNGP10.phx.gbl...> > class> > > The certificate will be trusted based on the trusted root certificates
> > > configured on the current machine. You can use the ICertificatePolicy> > > that I mentioned before to determine whether the CA for the cert wascertificate> the> > > trusted by examining the certificateProblem parameter in
> > > CheckValidationResult. I found a decent blog posting that shows what> > > values of the parameter can be (they are probably in the platform SDK
> > > somewhere...):
> > >
> > > [url]http://weblogs.asp.net/wim/archive/2004/04/02/106281.aspx[/url]
> > >
> > >
> > > Joe K.
> > >
> > > "Curtis Justus" <cjustus-nospam@ser.nospam.itis.com> wrote in message
> > > news:ePvVDovTEHA.1548@TK2MSFTNGP11.phx.gbl...
> > > > Hi,
> > > >
> > > > I need to verify that a certificate is coming from a valid>> >> > > > authority. Does anybody know where I could obtain a list with that
> > > > information?
> > > >
> > > > Thanks,
> > > > cj
> > > >
> > > >
> > >
> > >
> >
>
Harry Simpson Guest
-
Joe Kaplan \(MVP - ADSI\) #6 Re: Valid Certificate Authority
I'm not sure I understand. Is your ASP.NET application making a call to
another web site via something based on HttpWebRequest or a web service
call? If so, you would do it then. If not, how are you calling another
server?
If you aren't calling another server, then why would you need to check a
server's certificate?
Joe K.
"Harry Simpson" <hssimpson@nospamphgt.net> wrote in message
news:usTnTpzTEHA.3976@TK2MSFTNGP09.phx.gbl...[url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfSystemNetICertificatePolicyClassTopic.asp?fra me=true[/url]> Thanks Joe,
>
> The code actually didn't work but it's probablky just me......
>
> Was wondering where you put pre-request code in an ASP.NET app??
>
> Harry
>
> "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
> in message news:O%236L97yTEHA.808@tk2msftngp13.phx.gbl...>> > The code here shows how to create a class that implements
> > ICertificatePolicy:
> >[url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfSystemNetServicePointManagerClassCertificateP olicyTopic.asp?frame=true[/url]>> >
> > To use it, you add a new instance of your class to the
> > ServicePointManager.CertificatePolicy property BEFORE you make any
> > WebRequests (or SOAP calls or anything else that wraps WebRequest).
> >
> >pass> >
> > Then, you can enforce your own certificate policy based on the rules you
> > code in your CheckValidationResult Method.
> >
> > Joe K.
> >
> > "Harry Simpson" <hssimpson@nospamphgt.net> wrote in message
> > news:OH7xojxTEHA.1472@TK2MSFTNGP12.phx.gbl...> > > Using the SelfSSL internally (intranet) and the third check doesn'tcertificates> wrote> > > since we created the cert.
> > >
> > > Where does this code (CheckValidationResult) actually go in the web
> > > application??
> > >
> > > Harry
> > >
> > > "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com>> > > in message news:eq6OqzwTEHA.3988@TK2MSFTNGP10.phx.gbl...
> > > > The certificate will be trusted based on the trusted rootICertificatePolicy> > > > configured on the current machine. You can use thewhat> not> > > class
> > > > that I mentioned before to determine whether the CA for the cert was> > > > trusted by examining the certificateProblem parameter in
> > > > CheckValidationResult. I found a decent blog posting that showsSDK> > the> > > > values of the parameter can be (they are probably in the platformmessage> > > > somewhere...):
> > > >
> > > > [url]http://weblogs.asp.net/wim/archive/2004/04/02/106281.aspx[/url]
> > > >
> > > >
> > > > Joe K.
> > > >
> > > > "Curtis Justus" <cjustus-nospam@ser.nospam.itis.com> wrote inthat> certificate> > > > news:ePvVDovTEHA.1548@TK2MSFTNGP11.phx.gbl...
> > > > > Hi,
> > > > >
> > > > > I need to verify that a certificate is coming from a valid> > > > > authority. Does anybody know where I could obtain a list with>> >> > > > > information?
> > > > >
> > > > > Thanks,
> > > > > cj
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
>
Joe Kaplan \(MVP - ADSI\) Guest
-
Harry Simpson #7 Re: Valid Certificate Authority
Hi Joe,
I'm merely starting an ASP.NET web application on an intranet server from a
browser within the same intranet.
Since SelfSSL uses the name of the machine (SIMPSON) it doesn't reconcile to
the web's name "MyWebApp" when i make the call to it using
[url]https://SIMPSON/MyWebApp[/url]
so i get the third check not true notice. My app is not internet but
intranet with no internet Whois type url.
Harry
"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:OTubsG2TEHA.1036@TK2MSFTNGP09.phx.gbl...wrote> I'm not sure I understand. Is your ASP.NET application making a call to
> another web site via something based on HttpWebRequest or a web service
> call? If so, you would do it then. If not, how are you calling another
> server?
>
> If you aren't calling another server, then why would you need to check a
> server's certificate?
>
> Joe K.
>
> "Harry Simpson" <hssimpson@nospamphgt.net> wrote in message
> news:usTnTpzTEHA.3976@TK2MSFTNGP09.phx.gbl...> > Thanks Joe,
> >
> > The code actually didn't work but it's probablky just me......
> >
> > Was wondering where you put pre-request code in an ASP.NET app??
> >
> > Harry
> >
> > "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com>[url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfSystemNetICertificatePolicyClassTopic.asp?fra me=true[/url]>> > in message news:O%236L97yTEHA.808@tk2msftngp13.phx.gbl...> >> > > The code here shows how to create a class that implements
> > > ICertificatePolicy:
> > >[url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfSystemNetServicePointManagerClassCertificateP olicyTopic.asp?frame=true[/url]>> >> > >
> > > To use it, you add a new instance of your class to the
> > > ServicePointManager.CertificatePolicy property BEFORE you make any
> > > WebRequests (or SOAP calls or anything else that wraps WebRequest).
> > >
> > >you> > >
> > > Then, you can enforce your own certificate policy based on the ruleswas> pass> > > code in your CheckValidationResult Method.
> > >
> > > Joe K.
> > >
> > > "Harry Simpson" <hssimpson@nospamphgt.net> wrote in message
> > > news:OH7xojxTEHA.1472@TK2MSFTNGP12.phx.gbl...
> > > > Using the SelfSSL internally (intranet) and the third check doesn't> certificates> > wrote> > > > since we created the cert.
> > > >
> > > > Where does this code (CheckValidationResult) actually go in the web
> > > > application??
> > > >
> > > > Harry
> > > >
> > > > "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com>> > > > in message news:eq6OqzwTEHA.3988@TK2MSFTNGP10.phx.gbl...
> > > > > The certificate will be trusted based on the trusted root> ICertificatePolicy> > > > > configured on the current machine. You can use the> > > > class
> > > > > that I mentioned before to determine whether the CA for the cert> what> > not> > > > > trusted by examining the certificateProblem parameter in
> > > > > CheckValidationResult. I found a decent blog posting that shows> SDK> > > the
> > > > > values of the parameter can be (they are probably in the platform> message> > > > > somewhere...):
> > > > >
> > > > > [url]http://weblogs.asp.net/wim/archive/2004/04/02/106281.aspx[/url]
> > > > >
> > > > >
> > > > > Joe K.
> > > > >
> > > > > "Curtis Justus" <cjustus-nospam@ser.nospam.itis.com> wrote in> that> > certificate> > > > > news:ePvVDovTEHA.1548@TK2MSFTNGP11.phx.gbl...
> > > > > > Hi,
> > > > > >
> > > > > > I need to verify that a certificate is coming from a valid> > > > > > authority. Does anybody know where I could obtain a list with>> >> > > > > > information?
> > > > > >
> > > > > > Thanks,
> > > > > > cj
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
>
Harry Simpson Guest
-
Joe Kaplan \(MVP - ADSI\) #8 Re: Valid Certificate Authority
Ok, the thing is here that it is your browser that is complaining about the
server certificate, not the server that is complaining. Since your browser
is not sending a client certificate to the server, there is nothing for the
server to check. Thus there is no code you can put in your web application.
However, SSL should match the name on the certificate to the hostname
(SIMPSON) in your case, so it should work. What certificate warning do you
get from IE and what are the details?
Joe K.
"Harry Simpson" <hssimpson@nospamphgt.net> wrote in message
news:eNUJC67TEHA.1048@tk2msftngp13.phx.gbl...a> Hi Joe,
>
> I'm merely starting an ASP.NET web application on an intranet server fromto> browser within the same intranet.
>
> Since SelfSSL uses the name of the machine (SIMPSON) it doesn't reconcile[url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfSystemNetICertificatePolicyClassTopic.asp?fra me=true[/url]> the web's name "MyWebApp" when i make the call to it using
> [url]https://SIMPSON/MyWebApp[/url]
> so i get the third check not true notice. My app is not internet but
> intranet with no internet Whois type url.
>
> Harry
>
> "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
> in message news:OTubsG2TEHA.1036@TK2MSFTNGP09.phx.gbl...> wrote> > I'm not sure I understand. Is your ASP.NET application making a call to
> > another web site via something based on HttpWebRequest or a web service
> > call? If so, you would do it then. If not, how are you calling another
> > server?
> >
> > If you aren't calling another server, then why would you need to check a
> > server's certificate?
> >
> > Joe K.
> >
> > "Harry Simpson" <hssimpson@nospamphgt.net> wrote in message
> > news:usTnTpzTEHA.3976@TK2MSFTNGP09.phx.gbl...> > > Thanks Joe,
> > >
> > > The code actually didn't work but it's probablky just me......
> > >
> > > Was wondering where you put pre-request code in an ASP.NET app??
> > >
> > > Harry
> > >
> > > "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com>>> >> > > in message news:O%236L97yTEHA.808@tk2msftngp13.phx.gbl...
> > > > The code here shows how to create a class that implements
> > > > ICertificatePolicy:
> > > >
> > >[url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfSystemNetServicePointManagerClassCertificateP olicyTopic.asp?frame=true[/url]>> >> > > >
> > > > To use it, you add a new instance of your class to the
> > > > ServicePointManager.CertificatePolicy property BEFORE you make any
> > > > WebRequests (or SOAP calls or anything else that wraps WebRequest).
> > > >
> > > >
> > >doesn't> you> > > >
> > > > Then, you can enforce your own certificate policy based on the rules> > > > code in your CheckValidationResult Method.
> > > >
> > > > Joe K.
> > > >
> > > > "Harry Simpson" <hssimpson@nospamphgt.net> wrote in message
> > > > news:OH7xojxTEHA.1472@TK2MSFTNGP12.phx.gbl...
> > > > > Using the SelfSSL internally (intranet) and the third checkweb> > pass> > > > > since we created the cert.
> > > > >
> > > > > Where does this code (CheckValidationResult) actually go in the<joseph.e.kaplan@removethis.accenture.com>> > > > > application??
> > > > >
> > > > > Harry
> > > > >
> > > > > "Joe Kaplan (MVP - ADSI)"platform> was> > certificates> > > wrote
> > > > > in message news:eq6OqzwTEHA.3988@TK2MSFTNGP10.phx.gbl...
> > > > > > The certificate will be trusted based on the trusted root> > ICertificatePolicy> > > > > > configured on the current machine. You can use the> > > > > class
> > > > > > that I mentioned before to determine whether the CA for the cert> > what> > > not
> > > > > > trusted by examining the certificateProblem parameter in
> > > > > > CheckValidationResult. I found a decent blog posting that shows> > > > the
> > > > > > values of the parameter can be (they are probably in the>> > SDK> > message> > > > > > somewhere...):
> > > > > >
> > > > > > [url]http://weblogs.asp.net/wim/archive/2004/04/02/106281.aspx[/url]
> > > > > >
> > > > > >
> > > > > > Joe K.
> > > > > >
> > > > > > "Curtis Justus" <cjustus-nospam@ser.nospam.itis.com> wrote in> > that> > > > > > news:ePvVDovTEHA.1548@TK2MSFTNGP11.phx.gbl...
> > > > > > > Hi,
> > > > > > >
> > > > > > > I need to verify that a certificate is coming from a valid
> > > certificate
> > > > > > > authority. Does anybody know where I could obtain a list with> >> > > > > > > information?
> > > > > > >
> > > > > > > Thanks,
> > > > > > > cj
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
>
Joe Kaplan \(MVP - ADSI\) Guest
-
Harry Simpson #9 Re: Valid Certificate Authority
Joe,
It's the third check on the Security Alert dialog box:
"The name on the security certificate is invalid or does not match the name
of the site"
Harry
"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:u1iYKb8TEHA.3012@tk2msftngp13.phx.gbl...the> Ok, the thing is here that it is your browser that is complaining aboutbrowser> server certificate, not the server that is complaining. Since yourthe> is not sending a client certificate to the server, there is nothing forapplication.> server to check. Thus there is no code you can put in your webyou>
> However, SSL should match the name on the certificate to the hostname
> (SIMPSON) in your case, so it should work. What certificate warning dofrom> get from IE and what are the details?
>
> Joe K.
>
> "Harry Simpson" <hssimpson@nospamphgt.net> wrote in message
> news:eNUJC67TEHA.1048@tk2msftngp13.phx.gbl...> > Hi Joe,
> >
> > I'm merely starting an ASP.NET web application on an intranet serverreconcile> a> > browser within the same intranet.
> >
> > Since SelfSSL uses the name of the machine (SIMPSON) it doesn'twrote> to> > the web's name "MyWebApp" when i make the call to it using
> > [url]https://SIMPSON/MyWebApp[/url]
> > so i get the third check not true notice. My app is not internet but
> > intranet with no internet Whois type url.
> >
> > Harry
> >
> > "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com>to> > in message news:OTubsG2TEHA.1036@TK2MSFTNGP09.phx.gbl...> > > I'm not sure I understand. Is your ASP.NET application making a callservice> > > another web site via something based on HttpWebRequest or a webanother> > > call? If so, you would do it then. If not, how are you callinga> > > server?
> > >
> > > If you aren't calling another server, then why would you need to check[url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfSystemNetICertificatePolicyClassTopic.asp?fra me=true[/url]>> > wrote> > > server's certificate?
> > >
> > > Joe K.
> > >
> > > "Harry Simpson" <hssimpson@nospamphgt.net> wrote in message
> > > news:usTnTpzTEHA.3976@TK2MSFTNGP09.phx.gbl...
> > > > Thanks Joe,
> > > >
> > > > The code actually didn't work but it's probablky just me......
> > > >
> > > > Was wondering where you put pre-request code in an ASP.NET app??
> > > >
> > > > Harry
> > > >
> > > > "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com>> >> > > > in message news:O%236L97yTEHA.808@tk2msftngp13.phx.gbl...
> > > > > The code here shows how to create a class that implements
> > > > > ICertificatePolicy:
> > > > >
> > > >
> > >WebRequest).> > > > >
> > > > > To use it, you add a new instance of your class to the
> > > > > ServicePointManager.CertificatePolicy property BEFORE you make any
> > > > > WebRequests (or SOAP calls or anything else that wraps[url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfSystemNetServicePointManagerClassCertificateP olicyTopic.asp?frame=true[/url]>> >> > > > >
> > > > >
> > > >
> > >rules> > > > >
> > > > > Then, you can enforce your own certificate policy based on thecert> doesn't> > you> > > > > code in your CheckValidationResult Method.
> > > > >
> > > > > Joe K.
> > > > >
> > > > > "Harry Simpson" <hssimpson@nospamphgt.net> wrote in message
> > > > > news:OH7xojxTEHA.1472@TK2MSFTNGP12.phx.gbl...
> > > > > > Using the SelfSSL internally (intranet) and the third check> web> > > pass
> > > > > > since we created the cert.
> > > > > >
> > > > > > Where does this code (CheckValidationResult) actually go in the> <joseph.e.kaplan@removethis.accenture.com>> > > > > > application??
> > > > > >
> > > > > > Harry
> > > > > >
> > > > > > "Joe Kaplan (MVP - ADSI)"> > > > wrote
> > > > > > in message news:eq6OqzwTEHA.3988@TK2MSFTNGP10.phx.gbl...
> > > > > > > The certificate will be trusted based on the trusted root
> > > certificates
> > > > > > > configured on the current machine. You can use the
> > > ICertificatePolicy
> > > > > > class
> > > > > > > that I mentioned before to determine whether the CA for theshows> > was> > > > not
> > > > > > > trusted by examining the certificateProblem parameter in
> > > > > > > CheckValidationResult. I found a decent blog posting thatwith> platform> > > what
> > > > > the
> > > > > > > values of the parameter can be (they are probably in the> > > SDK
> > > > > > > somewhere...):
> > > > > > >
> > > > > > > [url]http://weblogs.asp.net/wim/archive/2004/04/02/106281.aspx[/url]
> > > > > > >
> > > > > > >
> > > > > > > Joe K.
> > > > > > >
> > > > > > > "Curtis Justus" <cjustus-nospam@ser.nospam.itis.com> wrote in
> > > message
> > > > > > > news:ePvVDovTEHA.1548@TK2MSFTNGP11.phx.gbl...
> > > > > > > > Hi,
> > > > > > > >
> > > > > > > > I need to verify that a certificate is coming from a valid
> > > > certificate
> > > > > > > > authority. Does anybody know where I could obtain a list>> >> > > that
> > > > > > > > information?
> > > > > > > >
> > > > > > > > Thanks,
> > > > > > > > cj
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
>
Harry Simpson Guest
-
Joe Kaplan \(MVP - ADSI\) #10 Re: Valid Certificate Authority
I think that dialog allows you to bring up the name of the certificate in
the certificate viewer, so you should be able to check that to verify that
the name on the cert is actually equal to SIMPSON. If it is not, then that
is the problem. You can either change the certificate to match the hostname
or change the hostname (via DNS, hosts file or whatever) to match the cert.
HTH,
Joe K.
"Harry Simpson" <hssimpson@nospamphgt.net> wrote in message
news:OB$DjK$TEHA.2972@TK2MSFTNGP12.phx.gbl...name> Joe,
>
> It's the third check on the Security Alert dialog box:
> "The name on the security certificate is invalid or does not match thecall> of the site"
>
> Harry
>
> "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
> in message news:u1iYKb8TEHA.3012@tk2msftngp13.phx.gbl...> the> > Ok, the thing is here that it is your browser that is complaining about> browser> > server certificate, not the server that is complaining. Since your> the> > is not sending a client certificate to the server, there is nothing for> application.> > server to check. Thus there is no code you can put in your web> you> >
> > However, SSL should match the name on the certificate to the hostname
> > (SIMPSON) in your case, so it should work. What certificate warning do> from> > get from IE and what are the details?
> >
> > Joe K.
> >
> > "Harry Simpson" <hssimpson@nospamphgt.net> wrote in message
> > news:eNUJC67TEHA.1048@tk2msftngp13.phx.gbl...> > > Hi Joe,
> > >
> > > I'm merely starting an ASP.NET web application on an intranet server> reconcile> > a> > > browser within the same intranet.
> > >
> > > Since SelfSSL uses the name of the machine (SIMPSON) it doesn't> wrote> > to> > > the web's name "MyWebApp" when i make the call to it using
> > > [url]https://SIMPSON/MyWebApp[/url]
> > > so i get the third check not true notice. My app is not internet but
> > > intranet with no internet Whois type url.
> > >
> > > Harry
> > >
> > > "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com>> > > in message news:OTubsG2TEHA.1036@TK2MSFTNGP09.phx.gbl...
> > > > I'm not sure I understand. Is your ASP.NET application making acheck> to> service> > > > another web site via something based on HttpWebRequest or a web> another> > > > call? If so, you would do it then. If not, how are you calling> > > > server?
> > > >
> > > > If you aren't calling another server, then why would you need to<joseph.e.kaplan@removethis.accenture.com>> a> > > > server's certificate?
> > > >
> > > > Joe K.
> > > >
> > > > "Harry Simpson" <hssimpson@nospamphgt.net> wrote in message
> > > > news:usTnTpzTEHA.3976@TK2MSFTNGP09.phx.gbl...
> > > > > Thanks Joe,
> > > > >
> > > > > The code actually didn't work but it's probablky just me......
> > > > >
> > > > > Was wondering where you put pre-request code in an ASP.NET app??
> > > > >
> > > > > Harry
> > > > >
> > > > > "Joe Kaplan (MVP - ADSI)"[url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfSystemNetICertificatePolicyClassTopic.asp?fra me=true[/url]>> >> > > wrote
> > > > > in message news:O%236L97yTEHA.808@tk2msftngp13.phx.gbl...
> > > > > > The code here shows how to create a class that implements
> > > > > > ICertificatePolicy:
> > > > > >
> > > > >
> > > >
> > >any> > > > > >
> > > > > > To use it, you add a new instance of your class to the
> > > > > > ServicePointManager.CertificatePolicy property BEFORE you make[url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfSystemNetServicePointManagerClassCertificateP olicyTopic.asp?frame=true[/url]> WebRequest).> > > > > > WebRequests (or SOAP calls or anything else that wraps>> >> > > > > >
> > > > > >
> > > > >
> > > >
> > >the> rules> > > > > >
> > > > > > Then, you can enforce your own certificate policy based on the> > doesn't> > > you
> > > > > > code in your CheckValidationResult Method.
> > > > > >
> > > > > > Joe K.
> > > > > >
> > > > > > "Harry Simpson" <hssimpson@nospamphgt.net> wrote in message
> > > > > > news:OH7xojxTEHA.1472@TK2MSFTNGP12.phx.gbl...
> > > > > > > Using the SelfSSL internally (intranet) and the third check> > > > pass
> > > > > > > since we created the cert.
> > > > > > >
> > > > > > > Where does this code (CheckValidationResult) actually go inin> cert> > web> > <joseph.e.kaplan@removethis.accenture.com>> > > > > > > application??
> > > > > > >
> > > > > > > Harry
> > > > > > >
> > > > > > > "Joe Kaplan (MVP - ADSI)"> > > > > wrote
> > > > > > > in message news:eq6OqzwTEHA.3988@TK2MSFTNGP10.phx.gbl...
> > > > > > > > The certificate will be trusted based on the trusted root
> > > > certificates
> > > > > > > > configured on the current machine. You can use the
> > > > ICertificatePolicy
> > > > > > > class
> > > > > > > > that I mentioned before to determine whether the CA for the> shows> > > was
> > > > > not
> > > > > > > > trusted by examining the certificateProblem parameter in
> > > > > > > > CheckValidationResult. I found a decent blog posting that> > platform> > > > what
> > > > > > the
> > > > > > > > values of the parameter can be (they are probably in the> > > > SDK
> > > > > > > > somewhere...):
> > > > > > > >
> > > > > > > > [url]http://weblogs.asp.net/wim/archive/2004/04/02/106281.aspx[/url]
> > > > > > > >
> > > > > > > >
> > > > > > > > Joe K.
> > > > > > > >
> > > > > > > > "Curtis Justus" <cjustus-nospam@ser.nospam.itis.com> wrote> with> > > > message
> > > > > > > > news:ePvVDovTEHA.1548@TK2MSFTNGP11.phx.gbl...
> > > > > > > > > Hi,
> > > > > > > > >
> > > > > > > > > I need to verify that a certificate is coming from a valid
> > > > > certificate
> > > > > > > > > authority. Does anybody know where I could obtain a list>> >> > > > that
> > > > > > > > > information?
> > > > > > > > >
> > > > > > > > > Thanks,
> > > > > > > > > cj
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
>
Joe Kaplan \(MVP - ADSI\) Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
