General discussion: Invalid certificate when using Non Repudiation in certificate

  • Thursday, 26 November, 2009 10:34 Pete Sm1th
     
    Why is it not possible to specify "Signature is proof of origin (non repudiation)" as a Key Usage Extension when a certificate has the Request Handling set to "Signature and smartcard Logon"? This setting is greyed out and appears to be not set.

    Sorry if this is a no-brainer.

All replies

  • Thursday, 26 November, 2009 13:42 Brian Komar [MVP]
     
    I cannot provide you the "why" it is not enabled (I agree that it should be allowed).
    But, you can enable it by changing the purpose to Signature and Encryption.
    Brian
  • Thursday, 26 November, 2009 13:46 Pete Sm1th
     
    Could this be why?

    There are two predefined types of private keys. These keys are Signature Only (AT_SIGNATURE) and Key Exchange (AT_KEYEXCHANGE). Smartcard logon certificates must have a Key Exchange (AT_KEYEXCHANGE) private key type in order for smartcard logon to function correctly.
  • Thursday, 26 November, 2009 15:13 Pete Sm1th
     
    That worked, thanks. I wonder if it is because Kerberos needs the AT_KEYEXCHANGE private key for logon.
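
Added example (not part of the thread and not any poster's code): a Python check that decodes the DER value of a certificate's Key Usage extension and reports whether the non-repudiation bit is present after the template change discussed above. The function names, the required-usage set and the sample byte strings are constructed for illustration; bit positions follow RFC 5280.

```python
# Added example: decode an X.509 keyUsage extension value (RFC 5280, 4.2.1.3).
# Bit 0 is the most significant bit of the first content byte.
KEY_USAGE_BITS = [
    "digitalSignature",  # bit 0
    "nonRepudiation",    # bit 1, "Signature is proof of origin" in the template UI
    "keyEncipherment",   # bit 2
    "dataEncipherment",  # bit 3
    "keyAgreement",      # bit 4
    "keyCertSign",       # bit 5
    "cRLSign",           # bit 6
    "encipherOnly",      # bit 7
    "decipherOnly",      # bit 8
]

# Assumption for this example: the usages expected on a certificate issued
# from a "Signature and encryption" template with non-repudiation enabled.
REQUIRED = ("digitalSignature", "nonRepudiation", "keyEncipherment")


def decode_key_usage(der: bytes) -> list[str]:
    """Return the names of the bits set in a DER-encoded KeyUsage BIT STRING."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    if der[1] & 0x80 or der[1] != len(der) - 2:
        raise ValueError("unexpected length encoding")
    unused, payload = der[2], der[3:]
    if unused > 7 or (not payload and unused):
        raise ValueError("invalid unused-bit count")
    total_bits = len(payload) * 8 - unused
    return [name for i, name in enumerate(KEY_USAGE_BITS)
            if i < total_bits and payload[i // 8] & (0x80 >> (i % 8))]


def missing_usages(der: bytes, required=REQUIRED) -> list[str]:
    """List the required usages that the extension value does not assert."""
    present = set(decode_key_usage(der))
    return [usage for usage in required if usage not in present]


# Constructed sample values (not taken from a real certificate).
BEFORE = bytes.fromhex("030205a0")  # digitalSignature + keyEncipherment
AFTER = bytes.fromhex("030205e0")   # same, plus nonRepudiation

if __name__ == "__main__":
    for label, value in (("before", BEFORE), ("after", AFTER)):
        print(label, decode_key_usage(value), "missing:", missing_usages(value))
```

The input is the extension's inner value (the BIT STRING), not the whole certificate; extracting it from a certificate is left to whatever X.509 tooling is already in use.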