News  [SoftwareSite

Latest News
Older News
RSS Feed
 
Complete Projects
Useful Classes
Top Downloads
Message Board
AllAPI.net
 
Send Comments
Software License
Mentalis.org Buttons
Donate
 
Forums -> Security Library Forum
 
Cert good on Win2k, but untrusted root always on NT  
by Dan Trubow [dtrubow at hotmail dot com]
posted on 2004/06/03

When I view this cert on either win2k or NT it shows good. But when I use the VerifyChain routine on NT it always comes up as 'Untrusted Root'.

I've upgrade the root certificates, but this seems to fail on all NT machines.

Below I've pasted the certificate (.cer file with Base64 encoding):
-----BEGIN CERTIFICATE-----
MIIEcTCCA9qgAwIBAgIQJ5vmoUPut7cy2KgjsO/BQDANBgkqhkiG9w0BAQUFADCB
ujEfMB0GA1UEChMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazEXMBUGA1UECxMOVmVy
aVNpZ24sIEluYy4xMzAxBgNVBAsTKlZlcmlTaWduIEludGVybmF0aW9uYWwgU2Vy
dmVyIENBIC0gQ2xhc3MgMzFJMEcGA1UECxNAd3d3LnZlcmlzaWduLmNvbS9DUFMg
SW5jb3JwLmJ5IFJlZi4gTElBQklMSVRZIExURC4oYyk5NyBWZXJpU2lnbjAeFw0w
NDAxMjAwMDAwMDBaFw0wNjAxMTkyMzU5NTlaMIGpMQswCQYDVQQGEwJVUzESMBAG
A1UECBMJTWlubmVzb3RhMRQwEgYDVQQHFAtNaW5uZWFwb2xpczETMBEGA1UEChQK
TGV4aXNOZXhpczEOMAwGA1UECxQFQmFua28xMzAxBgNVBAsUKlRlcm1zIG9mIHVz
ZSBhdCB3d3cudmVyaXNpZ24uY29tL1JQQSAoYykwMTEWMBQGA1UEAxQNd3d3LmJh
bmtvLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAz9lyrWvrL5O1izPl
c9lGQ3wFpgpQt5txjABRiZpA4tS42PlhDou1yN8dZz0m/fFnZdH9DCEUOYFGio60
DNA5Dl7si6PeOOAVOYGu85iE5bt2m1XxCg4+cqYNGfrLGkkcGzcxgLNjZnUIlAkX
OijhfxOlDFKZt90E77vRu5bltPkCAwEAAaOCAYUwggGBMAkGA1UdEwQCMAAwRAYD
VR0gBD0wOzA5BgtghkgBhvhFAQcXAzAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3
dy52ZXJpc2lnbi5jb20vcnBhMAsGA1UdDwQEAwIFoDA0BgNVHSUELTArBglghkgB
hvhCBAEGCisGAQQBgjcKAwMGCCsGAQUFBwMBBggrBgEFBQcDAjA0BggrBgEFBQcB
AQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLnZlcmlzaWduLmNvbTBGBgNV
HR8EPzA9MDugOaA3hjVodHRwOi8vY3JsLnZlcmlzaWduLmNvbS9DbGFzczNJbnRl
cm5hdGlvbmFsU2VydmVyLmNybDBtBggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglp
bWFnZS9naWYwITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNo
dHRwOi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjANBgkqhkiG9w0BAQUF
AAOBgQAUmPqEovmhHN2UzD+5KPDrAK8j1cj7MsghY7je3xIk7WE4OhkWppcXnvZm
t/7cFEKiiWNhKJFnxPujNAUfx/nzEE0QkccwPEbO43VeBujTTCzFzZzK1odcl6a7
3DZlDLatovmg9C2pEcMzCCwTltseefVlJRDFLaquSX8pqTFANA==
-----END CERTIFICATE-----
by D Trubow
posted on 2004/06/03

Ok, the problem here is that I happen to use the seclib as a Window's service, which uses a different certificate store than a regular user account.

Thus, to make this work, I had to install the proper Verisign root and intermediate certificate into the Local System certificate store.

Once this was done, the cert was properly validated.

 

Copyright © 2002-2007, The Mentalis.org Team. All rights reserved.
This site is located at http://www.mentalis.org/
Send comments to the webmaster.