Client-Cert doesn't shown in selection when SSL-login

  • Thread starter Thread starter Patrick Sona
  • Start date Start date
P

Patrick Sona

Hi all!
I have a client-certificate created with our CA on a windows2003 server
standard edition with the "user-template".
The problem is, that this certificate is not shown in the
certificate-selection when i try to establish an SSL connection with
client-auth.
The certificate is installed in the local user-certificate-store.
Other certificates, such as my private Thawte-Certificates are shown.
This problem occurs also with Firefox.
What do I have to configure, that I can use certificats of our CA with
SSL-client-auth?

Have anyone an idea or solution for this problem?

Thanx
Pat

Following there is a dump of this certificate:

Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1e:d4:20:a4:00:00:00:00:01:c6
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=de, O=xxx, OU=test, CN=CA 0
Validity
Not Before: Jun 30 12:13:20 2008 GMT
Not After : Jun 30 12:13:20 2009 GMT
Subject: DC=de, DC=xxx, DC=test, CN=Users, CN=Administ
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:a6:22:cd:73:47:94:a0:67:67:48:ea:2b:35:02
bd:a4:2e:aa:7c:e6:95:2d:fc:48:af:97:f7:e1:cf
46:9b:eb:7c:28:94:d0:aa:f9:7c:7c:4a:fd:05:3f
e4:95:1d:9e:7a:be:db:00:58:70:55:5e:54:38:f5
1c:b1:7c:ce:2a:25:c8:14:b4:67:d1:4b:8a:24:63
26:e6:87:ca:0d:03:6c:72:24:9e:5f:d5:79:de:f6
97:20:cc:44:11:87:6f:5e:d0:ca:bb:d7:0f:b0:9e
64:9c:f2:fa:f0:65:e7:bf:8b:0a:6d:7c:c4:5b:97
20:ea:18:99:eb:b9:64:1b:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage:
Digital Signature, Key Encipherment
S/MIME Capabilities:
.......0...+....0050...*.H..
...*.H..
X509v3 Subject Key Identifier:
EE:F0:5F:EF:E0:2C:14:01:30:8C:17:83:22:AE:54:E4:
1.3.6.1.4.1.311.20.2:
...U.s.e.r
X509v3 Authority Key Identifier:
keyid:55:10:1A:80:D2:25:10:04:04:22:13:1B:5B:FE:
1

X509v3 CRL Distribution Points:
URI:ldap:///CN=CA%200,CN=xxx-7zjm60,CN=CDP,
20Services,CN=Services,CN=Configuration,DC=test,DC=xxx,DC=de?c
tionList?base?objectClass=cRLDistributionPoint
URI:http://xxx.test.xxx.de/CertEnr

Authority Information Access:
CA Issuers - URI:ldap:///CN=CA%200,CN=AIA,CN=Pub
ices,CN=Services,CN=Configuration,DC=test,DC=xxx,DC=de?cACerti
ctClass=certificationAuthority
CA Issuers - URI:http://xxx.test.xxx
/xxx.test.xxx.de_CA%200.crt

X509v3 Extended Key Usage:
Microsoft Encrypted File System, E-mail Protecti
nt Authentication
X509v3 Subject Alternative Name:
othername:
Signature Algorithm: sha1WithRSAEncryption
0d:f1:58:49:f3:33:8c:a5:9d:c6:5c:9d:7c:89:9f:f4:66:3e:
72:cf:3e:f5:18:74:1f:1b:b9:23:1f:a1:01:dc:83:82:74:4f:
c5:fc:54:e4:ad:73:38:01:f7:ad:39:d2:9c:d3:53:75:0e:8f:
c8:64:27:24:34:ee:6a:60:2e:8a:7c:8b:d6:e0:21:6a:92:13:
7f:0e:71:8c:e1:e6:76:36:ef:35:8e:24:a7:42:96:ad:51:8b:
ef:24:e4:19:28:4b:a2:0c:69:ab:47:a8:eb:8e:e5:c9:a9:32:
eb:68:d5:0b:72:19:e9:21:b5:aa:32:62:e0:c3:6e:41:ef:31:
54:8b:55:cd:10:da:27:ba:a0:a3:a0:73:35:d0:3c:93:58:82:
ea:3d:52:18:c7:06:c5:40:ef:77:8d:33:54:78:b5:0c:6f:31:
ea:4e:81:42:ba:40:e9:bb:4e:52:42:6e:d5:cd:35:6b:e5:1a:
f4:1a:89:3a:ca:b0:8e:9e:56:a3:78:53:52:76:3d:45:5a:f6:
d5:aa:38:d5:7e:12:df:02:93:0a:0f:3b:34:6c:34:7b:50:8b:
b2:6d:74:f2:6f:63:82:6a:6f:7f:7d:d2:c3:56:7b:dc:11:e9:
dd:5c:3a:1c:84:65:4c:2b:a8:22:a9:7c:ff:d7:02:87:cd:a8:
62:01:12:37
-----BEGIN CERTIFICATE-----
MIIF/jCCBOagAwIBAgIKHtQgpAAAAAABxjANBgkqhkiG9w0BAQUFADA7MQswCQYD
VQQGEwJkZTEOMAwGA1UEChMFa3RtYW4xDTALBgNVBAsTBHRlc3QxDTALBgNVBAMT
BENBIDAwHhcNMDgwNjMwMTIxMzIwWhcNMDkwNjMwMTIxMzIwWjBuMRIwEAYKCZIm
iZPyLGQBGRYCZGUxFTATBgoJkiaJk/IsZAEZFgVrdG1hbjEUMBIGCgmSJomT8ixk
ARkWBHRlc3QxDjAMBgNVBAMTBVVzZXJzMRswGQYDVQQDExJBZG1pbmlzdHJhdG9y
IENlcnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKYizXNHlKBnZ0jqKzUC
vaQuqnzmlS38SK+X9+HPRpvrfCiU0Kr5fHxK/QU/5JUdnnq+2wBYcFVeVDj1HLF8
ziolyBS0Z9FLiiRjJuaHyg0DbHIknl/Ved72lyDMRBGHb17QyrvXD7CeZJzy+vBl
57+LCm18xFuXIOoYmeu5ZBsdAgMBAAGjggNTMIIDTzALBgNVHQ8EBAMCBaAwRAYJ
KoZIhvcNAQkPBDcwNTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCAMAcG
BSsOAwIHMAoGCCqGSIb3DQMHMB0GA1UdDgQWBBTu8F/v4CwUATCMF4MirlTkCtJM
RTAXBgkrBgEEAYI3FAIECh4IAFUAcwBlAHIwHwYDVR0jBBgwFoAUVRAagNIlEAQE
IhMbW/7nx9yVyqEwggEPBgNVHR8EggEGMIIBAjCB/6CB/KCB+YaBumxkYXA6Ly8v
Q049Q0ElMjAwLENOPXRva2VubWFuLTd6am02MCxDTj1DRFAsQ049UHVibGljJTIw
S2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz10
ZXN0LERDPWt0bWFuLERDPWRlP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3Q/YmFz
ZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRpb25Qb2ludIY6aHR0cDovL3Rva2Vu
bWFuLTd6am02MC50ZXN0Lmt0bWFuLmRlL0NlcnRFbnJvbGwvQ0ElMjAwLmNybDCC
ASUGCCsGAQUFBwEBBIIBFzCCARMwgaoGCCsGAQUFBzAChoGdbGRhcDovLy9DTj1D
QSUyMDAsQ049QUlBLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZp
Y2VzLENOPUNvbmZpZ3VyYXRpb24sREM9dGVzdCxEQz1rdG1hbixEQz1kZT9jQUNl
cnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlmaWNhdGlvbkF1dGhvcml0
eTBkBggrBgEFBQcwAoZYaHR0cDovL3Rva2VubWFuLTd6am02MC50ZXN0Lmt0bWFu
LmRlL0NlcnRFbnJvbGwvdG9rZW5tYW4tN3pqbTYwLnRlc3Qua3RtYW4uZGVfQ0El
MjAwLmNydDApBgNVHSUEIjAgBgorBgEEAYI3CgMEBggrBgEFBQcDBAYIKwYBBQUH
AwIwOgYDVR0RBDMwMaAvBgorBgEEAYI3FAIDoCEMH0FkbWluaXN0cmF0b3JDZXJ0
QHRlc3Qua3RtYW4uZGUwDQYJKoZIhvcNAQEFBQADggEBAA3xWEnzM4ylncZcnXyJ
n/RmPnLPPvUYdB8buSMfoQHcg4J0T8X8VOStczgB96050pzTU3UOj8hkJyQ07mpg
Lop8i9bgIWqSE38OcYzh5nY27zWOJKdClq1Ri+8k5BkoS6IMaatHqOuO5cmpMuto
1QtyGekhtaoyYuDDbkHvMVSLVc0Q2ie6oKOgczXQPJNYguo9UhjHBsVA73eNM1R4
tQxvMepOgUK6QOm7TlJCbtXNNWvlGvQaiTrKsI6eVqN4U1J2PUVa9tWqONV+Et8C
kwoPOzRsNHtQi7JtdPJvY4Jqb3990sNWe9wR6d1cOhyEZUwrqCKpfP/XAofNqGIB
Ejc=
-----END CERTIFICATE-----
 
The root CA of the private certificate chain must be designated as a trusted
root cert in the enterprise.
It sounds like it is not a know root CA.
Try running
certutil -dspublish -f RootCA
as a member of the enterprise admins
Brian
"Patrick Sona" wrote in message
news:uMDbax32IHA.2064@TK2MSFTNGP02.phx.gbl...
> Hi all!
> I have a client-certificate created with our CA on a windows2003 server
> standard edition with the "user-template".
> The problem is, that this certificate is not shown in the
> certificate-selection when i try to establish an SSL connection with
> client-auth.
> The certificate is installed in the local user-certificate-store.
> Other certificates, such as my private Thawte-Certificates are shown.
> This problem occurs also with Firefox.
> What do I have to configure, that I can use certificats of our CA with
> SSL-client-auth?
>
> Have anyone an idea or solution for this problem?
>
> Thanx
> Pat
>
> Following there is a dump of this certificate:
>
> Certificate:
> Data:
> Version: 3 (0x2)
> Serial Number:
> 1e:d4:20:a4:00:00:00:00:01:c6
> Signature Algorithm: sha1WithRSAEncryption
> Issuer: C=de, O=xxx, OU=test, CN=CA 0
> Validity
> Not Before: Jun 30 12:13:20 2008 GMT
> Not After : Jun 30 12:13:20 2009 GMT
> Subject: DC=de, DC=xxx, DC=test, CN=Users, CN=Administ
> Subject Public Key Info:
> Public Key Algorithm: rsaEncryption
> RSA Public Key: (1024 bit)
> Modulus (1024 bit):
> 00:a6:22:cd:73:47:94:a0:67:67:48:ea:2b:35:02
> bd:a4:2e:aa:7c:e6:95:2d:fc:48:af:97:f7:e1:cf
> 46:9b:eb:7c:28:94:d0:aa:f9:7c:7c:4a:fd:05:3f
> e4:95:1d:9e:7a:be:db:00:58:70:55:5e:54:38:f5
> 1c:b1:7c:ce:2a:25:c8:14:b4:67:d1:4b:8a:24:63
> 26:e6:87:ca:0d:03:6c:72:24:9e:5f:d5:79:de:f6
> 97:20:cc:44:11:87:6f:5e:d0:ca:bb:d7:0f:b0:9e
> 64:9c:f2:fa:f0:65:e7:bf:8b:0a:6d:7c:c4:5b:97
> 20:ea:18:99:eb:b9:64:1b:1d
> Exponent: 65537 (0x10001)
> X509v3 extensions:
> X509v3 Key Usage:
> Digital Signature, Key Encipherment
> S/MIME Capabilities:
> ......0...+....0050...*.H..
> ..*.H..
> X509v3 Subject Key Identifier:
> EE:F0:5F:EF:E0:2C:14:01:30:8C:17:83:22:AE:54:E4:
> 1.3.6.1.4.1.311.20.2:
> ...U.s.e.r
> X509v3 Authority Key Identifier:
> keyid:55:10:1A:80:D2:25:10:04:04:22:13:1B:5B:FE:
> 1
>
> X509v3 CRL Distribution Points:
> URI:ldap:///CN=CA%200,CN=xxx-7zjm60,CN=CDP,
> 20Services,CN=Services,CN=Configuration,DC=test,DC=xxx,DC=de?c
> tionList?base?objectClass=cRLDistributionPoint
> URI:http://xxx.test.xxx.de/CertEnr
>
> Authority Information Access:
> CA Issuers - URI:ldap:///CN=CA%200,CN=AIA,CN=Pub
> ices,CN=Services,CN=Configuration,DC=test,DC=xxx,DC=de?cACerti
> ctClass=certificationAuthority
> CA Issuers - URI:http://xxx.test.xxx
> /xxx.test.xxx.de_CA%200.crt
>
> X509v3 Extended Key Usage:
> Microsoft Encrypted File System, E-mail Protecti
> nt Authentication
> X509v3 Subject Alternative Name:
> othername:
> Signature Algorithm: sha1WithRSAEncryption
> 0d:f1:58:49:f3:33:8c:a5:9d:c6:5c:9d:7c:89:9f:f4:66:3e:
> 72:cf:3e:f5:18:74:1f:1b:b9:23:1f:a1:01:dc:83:82:74:4f:
> c5:fc:54:e4:ad:73:38:01:f7:ad:39:d2:9c:d3:53:75:0e:8f:
> c8:64:27:24:34:ee:6a:60:2e:8a:7c:8b:d6:e0:21:6a:92:13:
> 7f:0e:71:8c:e1:e6:76:36:ef:35:8e:24:a7:42:96:ad:51:8b:
> ef:24:e4:19:28:4b:a2:0c:69:ab:47:a8:eb:8e:e5:c9:a9:32:
> eb:68:d5:0b:72:19:e9:21:b5:aa:32:62:e0:c3:6e:41:ef:31:
> 54:8b:55:cd:10:da:27:ba:a0:a3:a0:73:35:d0:3c:93:58:82:
> ea:3d:52:18:c7:06:c5:40:ef:77:8d:33:54:78:b5:0c:6f:31:
> ea:4e:81:42:ba:40:e9:bb:4e:52:42:6e:d5:cd:35:6b:e5:1a:
> f4:1a:89:3a:ca:b0:8e:9e:56:a3:78:53:52:76:3d:45:5a:f6:
> d5:aa:38:d5:7e:12:df:02:93:0a:0f:3b:34:6c:34:7b:50:8b:
> b2:6d:74:f2:6f:63:82:6a:6f:7f:7d:d2:c3:56:7b:dc:11:e9:
> dd:5c:3a:1c:84:65:4c:2b:a8:22:a9:7c:ff:d7:02:87:cd:a8:
> 62:01:12:37
> -----BEGIN CERTIFICATE-----
> MIIF/jCCBOagAwIBAgIKHtQgpAAAAAABxjANBgkqhkiG9w0BAQUFADA7MQswCQYD
> VQQGEwJkZTEOMAwGA1UEChMFa3RtYW4xDTALBgNVBAsTBHRlc3QxDTALBgNVBAMT
> BENBIDAwHhcNMDgwNjMwMTIxMzIwWhcNMDkwNjMwMTIxMzIwWjBuMRIwEAYKCZIm
> iZPyLGQBGRYCZGUxFTATBgoJkiaJk/IsZAEZFgVrdG1hbjEUMBIGCgmSJomT8ixk
> ARkWBHRlc3QxDjAMBgNVBAMTBVVzZXJzMRswGQYDVQQDExJBZG1pbmlzdHJhdG9y
> IENlcnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKYizXNHlKBnZ0jqKzUC
> vaQuqnzmlS38SK+X9+HPRpvrfCiU0Kr5fHxK/QU/5JUdnnq+2wBYcFVeVDj1HLF8
> ziolyBS0Z9FLiiRjJuaHyg0DbHIknl/Ved72lyDMRBGHb17QyrvXD7CeZJzy+vBl
> 57+LCm18xFuXIOoYmeu5ZBsdAgMBAAGjggNTMIIDTzALBgNVHQ8EBAMCBaAwRAYJ
> KoZIhvcNAQkPBDcwNTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCAMAcG
> BSsOAwIHMAoGCCqGSIb3DQMHMB0GA1UdDgQWBBTu8F/v4CwUATCMF4MirlTkCtJM
> RTAXBgkrBgEEAYI3FAIECh4IAFUAcwBlAHIwHwYDVR0jBBgwFoAUVRAagNIlEAQE
> IhMbW/7nx9yVyqEwggEPBgNVHR8EggEGMIIBAjCB/6CB/KCB+YaBumxkYXA6Ly8v
> Q049Q0ElMjAwLENOPXRva2VubWFuLTd6am02MCxDTj1DRFAsQ049UHVibGljJTIw
> S2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz10
> ZXN0LERDPWt0bWFuLERDPWRlP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3Q/YmFz
> ZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRpb25Qb2ludIY6aHR0cDovL3Rva2Vu
> bWFuLTd6am02MC50ZXN0Lmt0bWFuLmRlL0NlcnRFbnJvbGwvQ0ElMjAwLmNybDCC
> ASUGCCsGAQUFBwEBBIIBFzCCARMwgaoGCCsGAQUFBzAChoGdbGRhcDovLy9DTj1D
> QSUyMDAsQ049QUlBLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZp
> Y2VzLENOPUNvbmZpZ3VyYXRpb24sREM9dGVzdCxEQz1rdG1hbixEQz1kZT9jQUNl
> cnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlmaWNhdGlvbkF1dGhvcml0
> eTBkBggrBgEFBQcwAoZYaHR0cDovL3Rva2VubWFuLTd6am02MC50ZXN0Lmt0bWFu
> LmRlL0NlcnRFbnJvbGwvdG9rZW5tYW4tN3pqbTYwLnRlc3Qua3RtYW4uZGVfQ0El
> MjAwLmNydDApBgNVHSUEIjAgBgorBgEEAYI3CgMEBggrBgEFBQcDBAYIKwYBBQUH
> AwIwOgYDVR0RBDMwMaAvBgorBgEEAYI3FAIDoCEMH0FkbWluaXN0cmF0b3JDZXJ0
> QHRlc3Qua3RtYW4uZGUwDQYJKoZIhvcNAQEFBQADggEBAA3xWEnzM4ylncZcnXyJ
> n/RmPnLPPvUYdB8buSMfoQHcg4J0T8X8VOStczgB96050pzTU3UOj8hkJyQ07mpg
> Lop8i9bgIWqSE38OcYzh5nY27zWOJKdClq1Ri+8k5BkoS6IMaatHqOuO5cmpMuto
> 1QtyGekhtaoyYuDDbkHvMVSLVc0Q2ie6oKOgczXQPJNYguo9UhjHBsVA73eNM1R4
> tQxvMepOgUK6QOm7TlJCbtXNNWvlGvQaiTrKsI6eVqN4U1J2PUVa9tWqONV+Et8C
> kwoPOzRsNHtQi7JtdPJvY4Jqb3990sNWe9wR6d1cOhyEZUwrqCKpfP/XAofNqGIB
> Ejc=
> -----END CERTIFICATE-----
 
Brian Komar (MVP) schrieb:
> The root CA of the private certificate chain must be designated as a
> trusted root cert in the enterprise.
> It sounds like it is not a know root CA.
> Try running
> certutil -dspublish -f RootCA
> as a member of the enterprise admins
> Brian
> "Patrick Sona" wrote in message
> news:uMDbax32IHA.2064@TK2MSFTNGP02.phx.gbl...
>> Hi all!
>> I have a client-certificate created with our CA on a windows2003
>> server standard edition with the "user-template".
>> The problem is, that this certificate is not shown in the
>> certificate-selection when i try to establish an SSL connection with
>> client-auth.
>> The certificate is installed in the local user-certificate-store.
>> Other certificates, such as my private Thawte-Certificates are shown.
>> This problem occurs also with Firefox.
>> What do I have to configure, that I can use certificats of our CA with
>> SSL-client-auth?
>>
>> Have anyone an idea or solution for this problem?
>>
>> Thanx
>> Pat
>>
>> Following there is a dump of this certificate:
>>
>> Certificate:
>> Data:
>> Version: 3 (0x2)
>> Serial Number:
>> 1e:d4:20:a4:00:00:00:00:01:c6
>> Signature Algorithm: sha1WithRSAEncryption
>> Issuer: C=de, O=xxx, OU=test, CN=CA 0
>> Validity
>> Not Before: Jun 30 12:13:20 2008 GMT
>> Not After : Jun 30 12:13:20 2009 GMT
>> Subject: DC=de, DC=xxx, DC=test, CN=Users, CN=Administ
>> Subject Public Key Info:
>> Public Key Algorithm: rsaEncryption
>> RSA Public Key: (1024 bit)
>> Modulus (1024 bit):
>> 00:a6:22:cd:73:47:94:a0:67:67:48:ea:2b:35:02
>> bd:a4:2e:aa:7c:e6:95:2d:fc:48:af:97:f7:e1:cf
>> 46:9b:eb:7c:28:94:d0:aa:f9:7c:7c:4a:fd:05:3f
>> e4:95:1d:9e:7a:be:db:00:58:70:55:5e:54:38:f5
>> 1c:b1:7c:ce:2a:25:c8:14:b4:67:d1:4b:8a:24:63
>> 26:e6:87:ca:0d:03:6c:72:24:9e:5f:d5:79:de:f6
>> 97:20:cc:44:11:87:6f:5e:d0:ca:bb:d7:0f:b0:9e
>> 64:9c:f2:fa:f0:65:e7:bf:8b:0a:6d:7c:c4:5b:97
>> 20:ea:18:99:eb:b9:64:1b:1d
>> Exponent: 65537 (0x10001)
>> X509v3 extensions:
>> X509v3 Key Usage:
>> Digital Signature, Key Encipherment
>> S/MIME Capabilities:
>> ......0...+....0050...*.H..
>> ..*.H..
>> X509v3 Subject Key Identifier:
>> EE:F0:5F:EF:E0:2C:14:01:30:8C:17:83:22:AE:54:E4:
>> 1.3.6.1.4.1.311.20.2:
>> ...U.s.e.r
>> X509v3 Authority Key Identifier:
>> keyid:55:10:1A:80:D2:25:10:04:04:22:13:1B:5B:FE:
>> 1
>>
>> X509v3 CRL Distribution Points:
>> URI:ldap:///CN=CA%200,CN=xxx-7zjm60,CN=CDP,
>> 20Services,CN=Services,CN=Configuration,DC=test,DC=xxx,DC=de?c
>> tionList?base?objectClass=cRLDistributionPoint
>> URI:http://xxx.test.xxx.de/CertEnr
>>
>> Authority Information Access:
>> CA Issuers - URI:ldap:///CN=CA%200,CN=AIA,CN=Pub
>> ices,CN=Services,CN=Configuration,DC=test,DC=xxx,DC=de?cACerti
>> ctClass=certificationAuthority
>> CA Issuers - URI:http://xxx.test.xxx
>> /xxx.test.xxx.de_CA%200.crt
>>
>> X509v3 Extended Key Usage:
>> Microsoft Encrypted File System, E-mail Protecti
>> nt Authentication
>> X509v3 Subject Alternative Name:
>> othername:
>> Signature Algorithm: sha1WithRSAEncryption
>> 0d:f1:58:49:f3:33:8c:a5:9d:c6:5c:9d:7c:89:9f:f4:66:3e:
>> 72:cf:3e:f5:18:74:1f:1b:b9:23:1f:a1:01:dc:83:82:74:4f:
>> c5:fc:54:e4:ad:73:38:01:f7:ad:39:d2:9c:d3:53:75:0e:8f:
>> c8:64:27:24:34:ee:6a:60:2e:8a:7c:8b:d6:e0:21:6a:92:13:
>> 7f:0e:71:8c:e1:e6:76:36:ef:35:8e:24:a7:42:96:ad:51:8b:
>> ef:24:e4:19:28:4b:a2:0c:69:ab:47:a8:eb:8e:e5:c9:a9:32:
>> eb:68:d5:0b:72:19:e9:21:b5:aa:32:62:e0:c3:6e:41:ef:31:
>> 54:8b:55:cd:10:da:27:ba:a0:a3:a0:73:35:d0:3c:93:58:82:
>> ea:3d:52:18:c7:06:c5:40:ef:77:8d:33:54:78:b5:0c:6f:31:
>> ea:4e:81:42:ba:40:e9:bb:4e:52:42:6e:d5:cd:35:6b:e5:1a:
>> f4:1a:89:3a:ca:b0:8e:9e:56:a3:78:53:52:76:3d:45:5a:f6:
>> d5:aa:38:d5:7e:12:df:02:93:0a:0f:3b:34:6c:34:7b:50:8b:
>> b2:6d:74:f2:6f:63:82:6a:6f:7f:7d:d2:c3:56:7b:dc:11:e9:
>> dd:5c:3a:1c:84:65:4c:2b:a8:22:a9:7c:ff:d7:02:87:cd:a8:
>> 62:01:12:37
>> -----BEGIN CERTIFICATE-----
>> MIIF/jCCBOagAwIBAgIKHtQgpAAAAAABxjANBgkqhkiG9w0BAQUFADA7MQswCQYD
>> VQQGEwJkZTEOMAwGA1UEChMFa3RtYW4xDTALBgNVBAsTBHRlc3QxDTALBgNVBAMT
>> BENBIDAwHhcNMDgwNjMwMTIxMzIwWhcNMDkwNjMwMTIxMzIwWjBuMRIwEAYKCZIm
>> iZPyLGQBGRYCZGUxFTATBgoJkiaJk/IsZAEZFgVrdG1hbjEUMBIGCgmSJomT8ixk
>> ARkWBHRlc3QxDjAMBgNVBAMTBVVzZXJzMRswGQYDVQQDExJBZG1pbmlzdHJhdG9y
>> IENlcnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKYizXNHlKBnZ0jqKzUC
>> vaQuqnzmlS38SK+X9+HPRpvrfCiU0Kr5fHxK/QU/5JUdnnq+2wBYcFVeVDj1HLF8
>> ziolyBS0Z9FLiiRjJuaHyg0DbHIknl/Ved72lyDMRBGHb17QyrvXD7CeZJzy+vBl
>> 57+LCm18xFuXIOoYmeu5ZBsdAgMBAAGjggNTMIIDTzALBgNVHQ8EBAMCBaAwRAYJ
>> KoZIhvcNAQkPBDcwNTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCAMAcG
>> BSsOAwIHMAoGCCqGSIb3DQMHMB0GA1UdDgQWBBTu8F/v4CwUATCMF4MirlTkCtJM
>> RTAXBgkrBgEEAYI3FAIECh4IAFUAcwBlAHIwHwYDVR0jBBgwFoAUVRAagNIlEAQE
>> IhMbW/7nx9yVyqEwggEPBgNVHR8EggEGMIIBAjCB/6CB/KCB+YaBumxkYXA6Ly8v
>> Q049Q0ElMjAwLENOPXRva2VubWFuLTd6am02MCxDTj1DRFAsQ049UHVibGljJTIw
>> S2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz10
>> ZXN0LERDPWt0bWFuLERDPWRlP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3Q/YmFz
>> ZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRpb25Qb2ludIY6aHR0cDovL3Rva2Vu
>> bWFuLTd6am02MC50ZXN0Lmt0bWFuLmRlL0NlcnRFbnJvbGwvQ0ElMjAwLmNybDCC
>> ASUGCCsGAQUFBwEBBIIBFzCCARMwgaoGCCsGAQUFBzAChoGdbGRhcDovLy9DTj1D
>> QSUyMDAsQ049QUlBLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZp
>> Y2VzLENOPUNvbmZpZ3VyYXRpb24sREM9dGVzdCxEQz1rdG1hbixEQz1kZT9jQUNl
>> cnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlmaWNhdGlvbkF1dGhvcml0
>> eTBkBggrBgEFBQcwAoZYaHR0cDovL3Rva2VubWFuLTd6am02MC50ZXN0Lmt0bWFu
>> LmRlL0NlcnRFbnJvbGwvdG9rZW5tYW4tN3pqbTYwLnRlc3Qua3RtYW4uZGVfQ0El
>> MjAwLmNydDApBgNVHSUEIjAgBgorBgEEAYI3CgMEBggrBgEFBQcDBAYIKwYBBQUH
>> AwIwOgYDVR0RBDMwMaAvBgorBgEEAYI3FAIDoCEMH0FkbWluaXN0cmF0b3JDZXJ0
>> QHRlc3Qua3RtYW4uZGUwDQYJKoZIhvcNAQEFBQADggEBAA3xWEnzM4ylncZcnXyJ
>> n/RmPnLPPvUYdB8buSMfoQHcg4J0T8X8VOStczgB96050pzTU3UOj8hkJyQ07mpg
>> Lop8i9bgIWqSE38OcYzh5nY27zWOJKdClq1Ri+8k5BkoS6IMaatHqOuO5cmpMuto
>> 1QtyGekhtaoyYuDDbkHvMVSLVc0Q2ie6oKOgczXQPJNYguo9UhjHBsVA73eNM1R4
>> tQxvMepOgUK6QOm7TlJCbtXNNWvlGvQaiTrKsI6eVqN4U1J2PUVa9tWqONV+Et8C
>> kwoPOzRsNHtQi7JtdPJvY4Jqb3990sNWe9wR6d1cOhyEZUwrqCKpfP/XAofNqGIB
>> Ejc=
>> -----END CERTIFICATE-----
>
Thanx Brian!
That was the solution. I didn't import the whole root-CA-chain, only the
single CA-Cert. In certmgr the clientcert was valid, but id doesn't was
visible in the certificateselector. Now I imported the whole CA-Chain
and the client-cert will be visible in the selector.
I don't know, what there was difference, because the whole chain is only :

CA
|
- Clientcert

But now it works.
Thanx a lot!
Greetings
Pat
 

Similar threads

S
Windows activation problems
Replies
0
Views
423
senrox
S
P
Client-Cert doesn't shown in selection when SSL-login
Replies
2
Views
153
Patrick Sona
P
K
"include in CDP" extention error - Reproducible error:
Replies
1
Views
242
Saurav Sinha [MSFT]
S
S
An NTE_BAD_DATA error returned by CryptDecrypt()
Replies
0
Views
326
Sean Huang
S
G
Minidump analysis
Replies
0
Views
153
Gary Roach
G
Back
Top