client certs

[Craig White]

On Wed, 2008-12-10 at 19:32 -0500, Jason Wittlin-Cohen wrote:
> >server certs seem fine but generated client cert in Windows shows
> >"Windows does not have enough information to verify" and yes, I have
> >loaded the 'ca.der' file generated by the instructions on the Windows
> >client and that installs in 'Trusted Root Authorities'. The 'client'
> >cert seems to install in 'Other People', and does include the
> >XPextensions stuff.
> >
> >Craig
> 
> Craig,
> 
> You have to install the root certificate and client certificate to the
> correct certificate store. You have two options - the machine store or
> the personal certificate store of your current Windows user. The
> personal certificate store is probably what you want.
> 
> Double click the client certificate, select "install certificate" and
> choose "Place the certificate in the following store". Select the
> "Personal" certificate store. That should solve your problem.
----
Thanks...I sort of thought so but this has been a frustrating experience
and I'm not that dumb.

Is it normal for this 'client' certificate to show "Windows does not
have enough information to verify this certificate" when you view it?

I did take the 'ca.der' and that is loaded in 'Trusted Root Authorities'
and seems to be happy there but the client certificate, even newly
generated from the scripts and the new Makefile from Ivan still shows
that warning. It seems possible to me that the certificate provided by
the server should provide the link between the CA certificate and the
client certificate installed on the Windows client and make it happy but
I haven't gotten this to work right - at least consistently.

Craig