SSL and non-standard CA's (certificate authorities)

[Steve Vlcan]

I am sending messages over SSL to a proprietary server, which has an SSL
certificate installed and accessible. After I call the
HttpSendRequestEx() function, I receive several notifications in the
AsyncCallback routine. After the CONNECTED_TO_SERVER message, I receive
a WINHTTP_CALLBACK_STATUS_SECURE_FAILURE, with error code 8. This error
code is WINHTTP_CALLBACK_STATUS_FLAG_INVALID_CA.

The proprietary server is using a VeriSign TEST CA certificate. When I
use these test certificates, I install the VeriSign Test CA certificate
into my Trusted Root Certificate Store in Internet Explorer. I do this
on both the proprietary server machine, and the machine from which
WinHttp is executed from (an IIS WebServer).

So my question is what do I need to do so that WinHttp also trusts the
VeriSign Test CA?? It obviously doesn't seem like it trusts it in my
current configuration.

Thanks,
Steve

[Nesho Neshev (Microsoft)]

Steve,

Try installing the root certificate in "Local Computer, Trusted Root
Certification Authorities" store on your IIS WebServer. This way your
application will have access to it. You can do this by using MMC
Certificates snap-in.

Regards,

Nesho Neshev

Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.

"Steve Vlcan" <svl...@bionetrix.com> wrote in message
news:3DB0727C...@bionetrix.com...

[Steve Vlcan]

When I do this through the MMC Cert snap-in, the
WINHTTP_CALLBACK_STATUS_SECURE_FAILURE error is not thrown. Previously, I
added the CA cert using IE. This seems to have stored the CA cert in a store
that applied only to the user I was logged in as at the time, not the entire
box.

Thanks for the solution!

Steve