Guest Patrick Sona Posted July 1, 2008 Posted July 1, 2008 Hi all! I have a client-certificate created with our CA on a windows2003 server standard edition with the "user-template". The problem is, that this certificate is not shown in the certificate-selection when i try to establish an SSL connection with client-auth. The certificate is installed in the local user-certificate-store. Other certificates, such as my private Thawte-Certificates are shown. This problem occurs also with Firefox. What do I have to configure, that I can use certificats of our CA with SSL-client-auth? Have anyone an idea or solution for this problem? Thanx Pat Following there is a dump of this certificate: Certificate: Data: Version: 3 (0x2) Serial Number: 1e:d4:20:a4:00:00:00:00:01:c6 Signature Algorithm: sha1WithRSAEncryption Issuer: C=de, O=xxx, OU=test, CN=CA 0 Validity Not Before: Jun 30 12:13:20 2008 GMT Not After : Jun 30 12:13:20 2009 GMT Subject: DC=de, DC=xxx, DC=test, CN=Users, CN=Administ Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:a6:22:cd:73:47:94:a0:67:67:48:ea:2b:35:02 bd:a4:2e:aa:7c:e6:95:2d:fc:48:af:97:f7:e1:cf 46:9b:eb:7c:28:94:d0:aa:f9:7c:7c:4a:fd:05:3f e4:95:1d:9e:7a:be:db:00:58:70:55:5e:54:38:f5 1c:b1:7c:ce:2a:25:c8:14:b4:67:d1:4b:8a:24:63 26:e6:87:ca:0d:03:6c:72:24:9e:5f:d5:79:de:f6 97:20:cc:44:11:87:6f:5e:d0:ca:bb:d7:0f:b0:9e 64:9c:f2:fa:f0:65:e7:bf:8b:0a:6d:7c:c4:5b:97 20:ea:18:99:eb:b9:64:1b:1d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: Digital Signature, Key Encipherment S/MIME Capabilities: .......0...+....0050... .H.. ... .H.. X509v3 Subject Key Identifier: EE:F0:5F:EF:E0:2C:14:01:30:8C:17:83:22:AE:54:E4: 1.3.6.1.4.1.311.20.2: ...U.s.e.r X509v3 Authority Key Identifier: keyid:55:10:1A:80:D2:25:10:04:04:22:13:1B:5B:FE: 1 X509v3 CRL Distribution Points: URI:ldap:///CN=CA%200,CN=xxx-7zjm60,CN=CDP, 20Services,CN=Services,CN=Configuration,DC=test,DC=xxx,DC=de?c tionList?base?objectClass=cRLDistributionPoint URI:http://xxx.test.xxx.de/CertEnr Authority Information Access: CA Issuers - URI:ldap:///CN=CA%200,CN=AIA,CN=Pub ices,CN=Services,CN=Configuration,DC=test,DC=xxx,DC=de?cACerti ctClass=certificationAuthority CA Issuers - URI:http://xxx.test.xxx /xxx.test.xxx.de_CA%200.crt X509v3 Extended Key Usage: Microsoft Encrypted File System, E-mail Protecti nt Authentication X509v3 Subject Alternative Name: othername:<unsupported> Signature Algorithm: sha1WithRSAEncryption 0d:f1:58:49:f3:33:8c:a5:9d:c6:5c:9d:7c:89:9f:f4:66:3e: 72:cf:3e:f5:18:74:1f:1b:b9:23:1f:a1:01:dc:83:82:74:4f: c5:fc:54:e4:ad:73:38:01:f7:ad:39:d2:9c:d3:53:75:0e:8f: c8:64:27:24:34:ee:6a:60:2e:8a:7c:8b:d6:e0:21:6a:92:13: 7f:0e:71:8c:e1:e6:76:36:ef:35:8e:24:a7:42:96:ad:51:8b: ef:24:e4:19:28:4b:a2:0c:69:ab:47:a8:eb:8e:e5:c9:a9:32: eb:68:d5:0b:72:19:e9:21:b5:aa:32:62:e0:c3:6e:41:ef:31: 54:8b:55:cd:10:da:27:ba:a0:a3:a0:73:35:d0:3c:93:58:82: ea:3d:52:18:c7:06:c5:40:ef:77:8d:33:54:78:b5:0c:6f:31: ea:4e:81:42:ba:40:e9:bb:4e:52:42:6e:d5:cd:35:6b:e5:1a: f4:1a:89:3a:ca:b0:8e:9e:56:a3:78:53:52:76:3d:45:5a:f6: d5:aa:38:d5:7e:12:df:02:93:0a:0f:3b:34:6c:34:7b:50:8b: b2:6d:74:f2:6f:63:82:6a:6f:7f:7d:d2:c3:56:7b:dc:11:e9: dd:5c:3a:1c:84:65:4c:2b:a8:22:a9:7c:ff:d7:02:87:cd:a8: 62:01:12:37 -----BEGIN CERTIFICATE----- MIIF/jCCBOagAwIBAgIKHtQgpAAAAAABxjANBgkqhkiG9w0BAQUFADA7MQswCQYD VQQGEwJkZTEOMAwGA1UEChMFa3RtYW4xDTALBgNVBAsTBHRlc3QxDTALBgNVBAMT BENBIDAwHhcNMDgwNjMwMTIxMzIwWhcNMDkwNjMwMTIxMzIwWjBuMRIwEAYKCZIm iZPyLGQBGRYCZGUxFTATBgoJkiaJk/IsZAEZFgVrdG1hbjEUMBIGCgmSJomT8ixk ARkWBHRlc3QxDjAMBgNVBAMTBVVzZXJzMRswGQYDVQQDExJBZG1pbmlzdHJhdG9y IENlcnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKYizXNHlKBnZ0jqKzUC vaQuqnzmlS38SK+X9+HPRpvrfCiU0Kr5fHxK/QU/5JUdnnq+2wBYcFVeVDj1HLF8 ziolyBS0Z9FLiiRjJuaHyg0DbHIknl/Ved72lyDMRBGHb17QyrvXD7CeZJzy+vBl 57+LCm18xFuXIOoYmeu5ZBsdAgMBAAGjggNTMIIDTzALBgNVHQ8EBAMCBaAwRAYJ KoZIhvcNAQkPBDcwNTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCAMAcG BSsOAwIHMAoGCCqGSIb3DQMHMB0GA1UdDgQWBBTu8F/v4CwUATCMF4MirlTkCtJM RTAXBgkrBgEEAYI3FAIECh4IAFUAcwBlAHIwHwYDVR0jBBgwFoAUVRAagNIlEAQE IhMbW/7nx9yVyqEwggEPBgNVHR8EggEGMIIBAjCB/6CB/KCB+YaBumxkYXA6Ly8v Q049Q0ElMjAwLENOPXRva2VubWFuLTd6am02MCxDTj1DRFAsQ049UHVibGljJTIw S2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz10 ZXN0LERDPWt0bWFuLERDPWRlP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3Q/YmFz ZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRpb25Qb2ludIY6aHR0cDovL3Rva2Vu bWFuLTd6am02MC50ZXN0Lmt0bWFuLmRlL0NlcnRFbnJvbGwvQ0ElMjAwLmNybDCC ASUGCCsGAQUFBwEBBIIBFzCCARMwgaoGCCsGAQUFBzAChoGdbGRhcDovLy9DTj1D QSUyMDAsQ049QUlBLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZp Y2VzLENOPUNvbmZpZ3VyYXRpb24sREM9dGVzdCxEQz1rdG1hbixEQz1kZT9jQUNl cnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlmaWNhdGlvbkF1dGhvcml0 eTBkBggrBgEFBQcwAoZYaHR0cDovL3Rva2VubWFuLTd6am02MC50ZXN0Lmt0bWFu LmRlL0NlcnRFbnJvbGwvdG9rZW5tYW4tN3pqbTYwLnRlc3Qua3RtYW4uZGVfQ0El MjAwLmNydDApBgNVHSUEIjAgBgorBgEEAYI3CgMEBggrBgEFBQcDBAYIKwYBBQUH AwIwOgYDVR0RBDMwMaAvBgorBgEEAYI3FAIDoCEMH0FkbWluaXN0cmF0b3JDZXJ0 QHRlc3Qua3RtYW4uZGUwDQYJKoZIhvcNAQEFBQADggEBAA3xWEnzM4ylncZcnXyJ n/RmPnLPPvUYdB8buSMfoQHcg4J0T8X8VOStczgB96050pzTU3UOj8hkJyQ07mpg Lop8i9bgIWqSE38OcYzh5nY27zWOJKdClq1Ri+8k5BkoS6IMaatHqOuO5cmpMuto 1QtyGekhtaoyYuDDbkHvMVSLVc0Q2ie6oKOgczXQPJNYguo9UhjHBsVA73eNM1R4 tQxvMepOgUK6QOm7TlJCbtXNNWvlGvQaiTrKsI6eVqN4U1J2PUVa9tWqONV+Et8C kwoPOzRsNHtQi7JtdPJvY4Jqb3990sNWe9wR6d1cOhyEZUwrqCKpfP/XAofNqGIB Ejc= -----END CERTIFICATE----- Quote
Guest Brian Komar \(MVP\) Posted July 2, 2008 Posted July 2, 2008 The root CA of the private certificate chain must be designated as a trusted root cert in the enterprise. It sounds like it is not a know root CA. Try running certutil -dspublish -f <rootcert.cer> RootCA as a member of the enterprise admins Brian "Patrick Sona" <sona@Flexsecure.de> wrote in message news:uMDbax32IHA.2064@TK2MSFTNGP02.phx.gbl...<span style="color:blue"> > Hi all! > I have a client-certificate created with our CA on a windows2003 server > standard edition with the "user-template". > The problem is, that this certificate is not shown in the > certificate-selection when i try to establish an SSL connection with > client-auth. > The certificate is installed in the local user-certificate-store. > Other certificates, such as my private Thawte-Certificates are shown. > This problem occurs also with Firefox. > What do I have to configure, that I can use certificats of our CA with > SSL-client-auth? > > Have anyone an idea or solution for this problem? > > Thanx > Pat > > Following there is a dump of this certificate: > > Certificate: > Data: > Version: 3 (0x2) > Serial Number: > 1e:d4:20:a4:00:00:00:00:01:c6 > Signature Algorithm: sha1WithRSAEncryption > Issuer: C=de, O=xxx, OU=test, CN=CA 0 > Validity > Not Before: Jun 30 12:13:20 2008 GMT > Not After : Jun 30 12:13:20 2009 GMT > Subject: DC=de, DC=xxx, DC=test, CN=Users, CN=Administ > Subject Public Key Info: > Public Key Algorithm: rsaEncryption > RSA Public Key: (1024 bit) > Modulus (1024 bit): > 00:a6:22:cd:73:47:94:a0:67:67:48:ea:2b:35:02 > bd:a4:2e:aa:7c:e6:95:2d:fc:48:af:97:f7:e1:cf > 46:9b:eb:7c:28:94:d0:aa:f9:7c:7c:4a:fd:05:3f > e4:95:1d:9e:7a:be:db:00:58:70:55:5e:54:38:f5 > 1c:b1:7c:ce:2a:25:c8:14:b4:67:d1:4b:8a:24:63 > 26:e6:87:ca:0d:03:6c:72:24:9e:5f:d5:79:de:f6 > 97:20:cc:44:11:87:6f:5e:d0:ca:bb:d7:0f:b0:9e > 64:9c:f2:fa:f0:65:e7:bf:8b:0a:6d:7c:c4:5b:97 > 20:ea:18:99:eb:b9:64:1b:1d > Exponent: 65537 (0x10001) > X509v3 extensions: > X509v3 Key Usage: > Digital Signature, Key Encipherment > S/MIME Capabilities: > ......0...+....0050... .H.. > .. .H.. > X509v3 Subject Key Identifier: > EE:F0:5F:EF:E0:2C:14:01:30:8C:17:83:22:AE:54:E4: > 1.3.6.1.4.1.311.20.2: > ...U.s.e.r > X509v3 Authority Key Identifier: > keyid:55:10:1A:80:D2:25:10:04:04:22:13:1B:5B:FE: > 1 > > X509v3 CRL Distribution Points: > URI:ldap:///CN=CA%200,CN=xxx-7zjm60,CN=CDP, > 20Services,CN=Services,CN=Configuration,DC=test,DC=xxx,DC=de?c > tionList?base?objectClass=cRLDistributionPoint > URI:http://xxx.test.xxx.de/CertEnr > > Authority Information Access: > CA Issuers - URI:ldap:///CN=CA%200,CN=AIA,CN=Pub > ices,CN=Services,CN=Configuration,DC=test,DC=xxx,DC=de?cACerti > ctClass=certificationAuthority > CA Issuers - URI:http://xxx.test.xxx > /xxx.test.xxx.de_CA%200.crt > > X509v3 Extended Key Usage: > Microsoft Encrypted File System, E-mail Protecti > nt Authentication > X509v3 Subject Alternative Name: > othername:<unsupported> > Signature Algorithm: sha1WithRSAEncryption > 0d:f1:58:49:f3:33:8c:a5:9d:c6:5c:9d:7c:89:9f:f4:66:3e: > 72:cf:3e:f5:18:74:1f:1b:b9:23:1f:a1:01:dc:83:82:74:4f: > c5:fc:54:e4:ad:73:38:01:f7:ad:39:d2:9c:d3:53:75:0e:8f: > c8:64:27:24:34:ee:6a:60:2e:8a:7c:8b:d6:e0:21:6a:92:13: > 7f:0e:71:8c:e1:e6:76:36:ef:35:8e:24:a7:42:96:ad:51:8b: > ef:24:e4:19:28:4b:a2:0c:69:ab:47:a8:eb:8e:e5:c9:a9:32: > eb:68:d5:0b:72:19:e9:21:b5:aa:32:62:e0:c3:6e:41:ef:31: > 54:8b:55:cd:10:da:27:ba:a0:a3:a0:73:35:d0:3c:93:58:82: > ea:3d:52:18:c7:06:c5:40:ef:77:8d:33:54:78:b5:0c:6f:31: > ea:4e:81:42:ba:40:e9:bb:4e:52:42:6e:d5:cd:35:6b:e5:1a: > f4:1a:89:3a:ca:b0:8e:9e:56:a3:78:53:52:76:3d:45:5a:f6: > d5:aa:38:d5:7e:12:df:02:93:0a:0f:3b:34:6c:34:7b:50:8b: > b2:6d:74:f2:6f:63:82:6a:6f:7f:7d:d2:c3:56:7b:dc:11:e9: > dd:5c:3a:1c:84:65:4c:2b:a8:22:a9:7c:ff:d7:02:87:cd:a8: > 62:01:12:37 > -----BEGIN CERTIFICATE----- > MIIF/jCCBOagAwIBAgIKHtQgpAAAAAABxjANBgkqhkiG9w0BAQUFADA7MQswCQYD > VQQGEwJkZTEOMAwGA1UEChMFa3RtYW4xDTALBgNVBAsTBHRlc3QxDTALBgNVBAMT > BENBIDAwHhcNMDgwNjMwMTIxMzIwWhcNMDkwNjMwMTIxMzIwWjBuMRIwEAYKCZIm > iZPyLGQBGRYCZGUxFTATBgoJkiaJk/IsZAEZFgVrdG1hbjEUMBIGCgmSJomT8ixk > ARkWBHRlc3QxDjAMBgNVBAMTBVVzZXJzMRswGQYDVQQDExJBZG1pbmlzdHJhdG9y > IENlcnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKYizXNHlKBnZ0jqKzUC > vaQuqnzmlS38SK+X9+HPRpvrfCiU0Kr5fHxK/QU/5JUdnnq+2wBYcFVeVDj1HLF8 > ziolyBS0Z9FLiiRjJuaHyg0DbHIknl/Ved72lyDMRBGHb17QyrvXD7CeZJzy+vBl > 57+LCm18xFuXIOoYmeu5ZBsdAgMBAAGjggNTMIIDTzALBgNVHQ8EBAMCBaAwRAYJ > KoZIhvcNAQkPBDcwNTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCAMAcG > BSsOAwIHMAoGCCqGSIb3DQMHMB0GA1UdDgQWBBTu8F/v4CwUATCMF4MirlTkCtJM > RTAXBgkrBgEEAYI3FAIECh4IAFUAcwBlAHIwHwYDVR0jBBgwFoAUVRAagNIlEAQE > IhMbW/7nx9yVyqEwggEPBgNVHR8EggEGMIIBAjCB/6CB/KCB+YaBumxkYXA6Ly8v > Q049Q0ElMjAwLENOPXRva2VubWFuLTd6am02MCxDTj1DRFAsQ049UHVibGljJTIw > S2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz10 > ZXN0LERDPWt0bWFuLERDPWRlP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3Q/YmFz > ZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRpb25Qb2ludIY6aHR0cDovL3Rva2Vu > bWFuLTd6am02MC50ZXN0Lmt0bWFuLmRlL0NlcnRFbnJvbGwvQ0ElMjAwLmNybDCC > ASUGCCsGAQUFBwEBBIIBFzCCARMwgaoGCCsGAQUFBzAChoGdbGRhcDovLy9DTj1D > QSUyMDAsQ049QUlBLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZp > Y2VzLENOPUNvbmZpZ3VyYXRpb24sREM9dGVzdCxEQz1rdG1hbixEQz1kZT9jQUNl > cnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlmaWNhdGlvbkF1dGhvcml0 > eTBkBggrBgEFBQcwAoZYaHR0cDovL3Rva2VubWFuLTd6am02MC50ZXN0Lmt0bWFu > LmRlL0NlcnRFbnJvbGwvdG9rZW5tYW4tN3pqbTYwLnRlc3Qua3RtYW4uZGVfQ0El > MjAwLmNydDApBgNVHSUEIjAgBgorBgEEAYI3CgMEBggrBgEFBQcDBAYIKwYBBQUH > AwIwOgYDVR0RBDMwMaAvBgorBgEEAYI3FAIDoCEMH0FkbWluaXN0cmF0b3JDZXJ0 > QHRlc3Qua3RtYW4uZGUwDQYJKoZIhvcNAQEFBQADggEBAA3xWEnzM4ylncZcnXyJ > n/RmPnLPPvUYdB8buSMfoQHcg4J0T8X8VOStczgB96050pzTU3UOj8hkJyQ07mpg > Lop8i9bgIWqSE38OcYzh5nY27zWOJKdClq1Ri+8k5BkoS6IMaatHqOuO5cmpMuto > 1QtyGekhtaoyYuDDbkHvMVSLVc0Q2ie6oKOgczXQPJNYguo9UhjHBsVA73eNM1R4 > tQxvMepOgUK6QOm7TlJCbtXNNWvlGvQaiTrKsI6eVqN4U1J2PUVa9tWqONV+Et8C > kwoPOzRsNHtQi7JtdPJvY4Jqb3990sNWe9wR6d1cOhyEZUwrqCKpfP/XAofNqGIB > Ejc= > -----END CERTIFICATE----- </span> Quote
Guest Patrick Sona Posted July 2, 2008 Posted July 2, 2008 Brian Komar (MVP) schrieb:<span style="color:blue"> > The root CA of the private certificate chain must be designated as a > trusted root cert in the enterprise. > It sounds like it is not a know root CA. > Try running > certutil -dspublish -f <rootcert.cer> RootCA > as a member of the enterprise admins > Brian > "Patrick Sona" <sona@Flexsecure.de> wrote in message > news:uMDbax32IHA.2064@TK2MSFTNGP02.phx.gbl...<span style="color:green"> >> Hi all! >> I have a client-certificate created with our CA on a windows2003 >> server standard edition with the "user-template". >> The problem is, that this certificate is not shown in the >> certificate-selection when i try to establish an SSL connection with >> client-auth. >> The certificate is installed in the local user-certificate-store. >> Other certificates, such as my private Thawte-Certificates are shown. >> This problem occurs also with Firefox. >> What do I have to configure, that I can use certificats of our CA with >> SSL-client-auth? >> >> Have anyone an idea or solution for this problem? >> >> Thanx >> Pat >> >> Following there is a dump of this certificate: >> >> Certificate: >> Data: >> Version: 3 (0x2) >> Serial Number: >> 1e:d4:20:a4:00:00:00:00:01:c6 >> Signature Algorithm: sha1WithRSAEncryption >> Issuer: C=de, O=xxx, OU=test, CN=CA 0 >> Validity >> Not Before: Jun 30 12:13:20 2008 GMT >> Not After : Jun 30 12:13:20 2009 GMT >> Subject: DC=de, DC=xxx, DC=test, CN=Users, CN=Administ >> Subject Public Key Info: >> Public Key Algorithm: rsaEncryption >> RSA Public Key: (1024 bit) >> Modulus (1024 bit): >> 00:a6:22:cd:73:47:94:a0:67:67:48:ea:2b:35:02 >> bd:a4:2e:aa:7c:e6:95:2d:fc:48:af:97:f7:e1:cf >> 46:9b:eb:7c:28:94:d0:aa:f9:7c:7c:4a:fd:05:3f >> e4:95:1d:9e:7a:be:db:00:58:70:55:5e:54:38:f5 >> 1c:b1:7c:ce:2a:25:c8:14:b4:67:d1:4b:8a:24:63 >> 26:e6:87:ca:0d:03:6c:72:24:9e:5f:d5:79:de:f6 >> 97:20:cc:44:11:87:6f:5e:d0:ca:bb:d7:0f:b0:9e >> 64:9c:f2:fa:f0:65:e7:bf:8b:0a:6d:7c:c4:5b:97 >> 20:ea:18:99:eb:b9:64:1b:1d >> Exponent: 65537 (0x10001) >> X509v3 extensions: >> X509v3 Key Usage: >> Digital Signature, Key Encipherment >> S/MIME Capabilities: >> ......0...+....0050... .H.. >> .. .H.. >> X509v3 Subject Key Identifier: >> EE:F0:5F:EF:E0:2C:14:01:30:8C:17:83:22:AE:54:E4: >> 1.3.6.1.4.1.311.20.2: >> ...U.s.e.r >> X509v3 Authority Key Identifier: >> keyid:55:10:1A:80:D2:25:10:04:04:22:13:1B:5B:FE: >> 1 >> >> X509v3 CRL Distribution Points: >> URI:ldap:///CN=CA%200,CN=xxx-7zjm60,CN=CDP, >> 20Services,CN=Services,CN=Configuration,DC=test,DC=xxx,DC=de?c >> tionList?base?objectClass=cRLDistributionPoint >> URI:http://xxx.test.xxx.de/CertEnr >> >> Authority Information Access: >> CA Issuers - URI:ldap:///CN=CA%200,CN=AIA,CN=Pub >> ices,CN=Services,CN=Configuration,DC=test,DC=xxx,DC=de?cACerti >> ctClass=certificationAuthority >> CA Issuers - URI:http://xxx.test.xxx >> /xxx.test.xxx.de_CA%200.crt >> >> X509v3 Extended Key Usage: >> Microsoft Encrypted File System, E-mail Protecti >> nt Authentication >> X509v3 Subject Alternative Name: >> othername:<unsupported> >> Signature Algorithm: sha1WithRSAEncryption >> 0d:f1:58:49:f3:33:8c:a5:9d:c6:5c:9d:7c:89:9f:f4:66:3e: >> 72:cf:3e:f5:18:74:1f:1b:b9:23:1f:a1:01:dc:83:82:74:4f: >> c5:fc:54:e4:ad:73:38:01:f7:ad:39:d2:9c:d3:53:75:0e:8f: >> c8:64:27:24:34:ee:6a:60:2e:8a:7c:8b:d6:e0:21:6a:92:13: >> 7f:0e:71:8c:e1:e6:76:36:ef:35:8e:24:a7:42:96:ad:51:8b: >> ef:24:e4:19:28:4b:a2:0c:69:ab:47:a8:eb:8e:e5:c9:a9:32: >> eb:68:d5:0b:72:19:e9:21:b5:aa:32:62:e0:c3:6e:41:ef:31: >> 54:8b:55:cd:10:da:27:ba:a0:a3:a0:73:35:d0:3c:93:58:82: >> ea:3d:52:18:c7:06:c5:40:ef:77:8d:33:54:78:b5:0c:6f:31: >> ea:4e:81:42:ba:40:e9:bb:4e:52:42:6e:d5:cd:35:6b:e5:1a: >> f4:1a:89:3a:ca:b0:8e:9e:56:a3:78:53:52:76:3d:45:5a:f6: >> d5:aa:38:d5:7e:12:df:02:93:0a:0f:3b:34:6c:34:7b:50:8b: >> b2:6d:74:f2:6f:63:82:6a:6f:7f:7d:d2:c3:56:7b:dc:11:e9: >> dd:5c:3a:1c:84:65:4c:2b:a8:22:a9:7c:ff:d7:02:87:cd:a8: >> 62:01:12:37 >> -----BEGIN CERTIFICATE----- >> MIIF/jCCBOagAwIBAgIKHtQgpAAAAAABxjANBgkqhkiG9w0BAQUFADA7MQswCQYD >> VQQGEwJkZTEOMAwGA1UEChMFa3RtYW4xDTALBgNVBAsTBHRlc3QxDTALBgNVBAMT >> BENBIDAwHhcNMDgwNjMwMTIxMzIwWhcNMDkwNjMwMTIxMzIwWjBuMRIwEAYKCZIm >> iZPyLGQBGRYCZGUxFTATBgoJkiaJk/IsZAEZFgVrdG1hbjEUMBIGCgmSJomT8ixk >> ARkWBHRlc3QxDjAMBgNVBAMTBVVzZXJzMRswGQYDVQQDExJBZG1pbmlzdHJhdG9y >> IENlcnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKYizXNHlKBnZ0jqKzUC >> vaQuqnzmlS38SK+X9+HPRpvrfCiU0Kr5fHxK/QU/5JUdnnq+2wBYcFVeVDj1HLF8 >> ziolyBS0Z9FLiiRjJuaHyg0DbHIknl/Ved72lyDMRBGHb17QyrvXD7CeZJzy+vBl >> 57+LCm18xFuXIOoYmeu5ZBsdAgMBAAGjggNTMIIDTzALBgNVHQ8EBAMCBaAwRAYJ >> KoZIhvcNAQkPBDcwNTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCAMAcG >> BSsOAwIHMAoGCCqGSIb3DQMHMB0GA1UdDgQWBBTu8F/v4CwUATCMF4MirlTkCtJM >> RTAXBgkrBgEEAYI3FAIECh4IAFUAcwBlAHIwHwYDVR0jBBgwFoAUVRAagNIlEAQE >> IhMbW/7nx9yVyqEwggEPBgNVHR8EggEGMIIBAjCB/6CB/KCB+YaBumxkYXA6Ly8v >> Q049Q0ElMjAwLENOPXRva2VubWFuLTd6am02MCxDTj1DRFAsQ049UHVibGljJTIw >> S2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz10 >> ZXN0LERDPWt0bWFuLERDPWRlP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3Q/YmFz >> ZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRpb25Qb2ludIY6aHR0cDovL3Rva2Vu >> bWFuLTd6am02MC50ZXN0Lmt0bWFuLmRlL0NlcnRFbnJvbGwvQ0ElMjAwLmNybDCC >> ASUGCCsGAQUFBwEBBIIBFzCCARMwgaoGCCsGAQUFBzAChoGdbGRhcDovLy9DTj1D >> QSUyMDAsQ049QUlBLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZp >> Y2VzLENOPUNvbmZpZ3VyYXRpb24sREM9dGVzdCxEQz1rdG1hbixEQz1kZT9jQUNl >> cnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlmaWNhdGlvbkF1dGhvcml0 >> eTBkBggrBgEFBQcwAoZYaHR0cDovL3Rva2VubWFuLTd6am02MC50ZXN0Lmt0bWFu >> LmRlL0NlcnRFbnJvbGwvdG9rZW5tYW4tN3pqbTYwLnRlc3Qua3RtYW4uZGVfQ0El >> MjAwLmNydDApBgNVHSUEIjAgBgorBgEEAYI3CgMEBggrBgEFBQcDBAYIKwYBBQUH >> AwIwOgYDVR0RBDMwMaAvBgorBgEEAYI3FAIDoCEMH0FkbWluaXN0cmF0b3JDZXJ0 >> QHRlc3Qua3RtYW4uZGUwDQYJKoZIhvcNAQEFBQADggEBAA3xWEnzM4ylncZcnXyJ >> n/RmPnLPPvUYdB8buSMfoQHcg4J0T8X8VOStczgB96050pzTU3UOj8hkJyQ07mpg >> Lop8i9bgIWqSE38OcYzh5nY27zWOJKdClq1Ri+8k5BkoS6IMaatHqOuO5cmpMuto >> 1QtyGekhtaoyYuDDbkHvMVSLVc0Q2ie6oKOgczXQPJNYguo9UhjHBsVA73eNM1R4 >> tQxvMepOgUK6QOm7TlJCbtXNNWvlGvQaiTrKsI6eVqN4U1J2PUVa9tWqONV+Et8C >> kwoPOzRsNHtQi7JtdPJvY4Jqb3990sNWe9wR6d1cOhyEZUwrqCKpfP/XAofNqGIB >> Ejc= >> -----END CERTIFICATE----- </span> > </span> Thanx Brian! That was the solution. I didn't import the whole root-CA-chain, only the single CA-Cert. In certmgr the clientcert was valid, but id doesn't was visible in the certificateselector. Now I imported the whole CA-Chain and the client-cert will be visible in the selector. I don't know, what there was difference, because the whole chain is only : CA | - Clientcert But now it works. Thanx a lot! Greetings Pat Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.