!@#$% Cert Server

[Scott]

W2K, SP2 (must be SP2 due to other s/w installed)

I've installed MS Cert Server about 10 times now. I've installed all
updates from www.windowsupdate.com (other than SP4). I've applied Q323172
(several times). I've added the Cert Server FQDN to my list of trusted
sites. I've rebooted countless times. But I still get the "Downloading
ActiveX Control" hang within IE 6.0 SP1.

Does anyone know how to get rid of this problem? Do I have to generate
client side cert requests from the browser into which I will install the
cert? I assume so, since that is how the private key is generated (???). I
can generate cert requests fine using Netscape, which I also have installed
on this machine. But I assume the installation of the cert would fail since
the private key would be missing (???).

Thanks,
Scott

 

[Keith W. McCammon]

Yeah, that thing's a genuine piece. I've been able to get most clients to
work by applying and re-applying that fix to both clients and server, with
no discernable rhyme or reason as to why some fail and some succeed.

I finally corrected the problem on my corporate network by upgrading to 2003
(MS: Maybe if we leave this thing broken long enough, they'll finally
upgrade?).

However, for personal use/tinkering, as well as for smaller consulting
clients, I've had tremendous success with OpenSSL.

 

[Scott]

Yeah, I *finally* got past the "Downloading ActiveX Control" by uninstalling
Cert Srv, reboot, reinstall Cert Srv, reboot, install fix, reboot, install
fix again, reboot, install fix again, reboot. Honest :-(. After applying
the fix 3 times, it finally "took".

BUT...now I get this error. Any ideas?

Error


Your request failed. An error occurred while the server was processing your
request.

Contact your administrator for further assistance.



Request Mode:
newreq - New Request
Disposition:
(never set)
Disposition message:
(none)
Result:
The binding handle is invalid. 0x800706a6 (WIN32: 1702)
COM Error Info:
CCertRequest::Submit The binding handle is invalid. 0x800706a6 (WIN32: 1702)
LastStatus:
The operation completed successfully. 0x0 (0)
Suggested Cause:
No suggestions.


No hits on "certificate binding handle is invalid" (all words) on the M$ KB.
OK, plenty of hits, none that applied to Cert Srv.

So OpenSSL will let me generate client side and server (SSL) certs? This is
all for testing/sandbox use, not production.

Cheers,
Scott

Damn, I miss my Unix box...

 

[Keith W. McCammon]

Yeah, I *finally* got past the "Downloading ActiveX Control" by
uninstalling

Cert Srv, reboot, reinstall Cert Srv, reboot, install fix, reboot, install
fix again, reboot, install fix again, reboot. Honest :-(. After applying
the fix 3 times, it finally "took".

Yep, same process over here...

BUT...now I get this error. Any ideas?

You guess is as good as mine on that one.

So OpenSSL will let me generate client side and server (SSL) certs? This is
all for testing/sandbox use, not production.

Yep, although there's no fancy GUI. But if you're UNIX-handy, streamlining
it shouldn't be too much of a problem. Or, since it is for sandbox use, you
could try the CA in 2003 by using an eval or MSDN license.