From owner-auth-tf@ucdavis.edu Mon Aug 17 17:22:00 1998 Reply-To: From: "Sailesh K Gurnani" To: "auth-tf" Subject: IE and Netscape Compatibility The following is a technote describing how to move certificates from Netscape to IE. There's also some information on how to remove certificates from IE. Kind of ugly, but it seems to work. I located it and some other interesting info at: http://mmc.cind.ornl.gov/jar/MMCCerts.html -Sal Gurnani ----- Clip Here ----- Advice for Internet Explorer 4.01 Users How to transfer certificates from Netscape 4.04 to Internet Explorer 4.04 It is necessary that both versions of the browsers suppost the same (128- or 40-bit) encryption level. First, export your certificate from Netscape into a .p12 file. If you are using the US version of Internet Explorer, the import of certificates will probably fail. Due to a bug in the CS provider registration (for rsaenh.dll), the default CSP may still be rsabase.dll. Go into the the registry:\ using the program regedit. Find HKey_Local_Machine/Software/Microsoft/Cryptography/Defaults/Provider Types and change the value of "Name" string on the TYPE 001 provider from: Microsoft Base Cryptographic Provider v1.0 to Microsoft Enhanced Cryptographic Provider v1.0 Go into the View, Internet Options.... menu and select the Content tab. Under Certificates, click personal and follow the instructions to add a certificate, selecting the .p12 file you exported from Netscape. To delete a client certificate from IE Microsoft has a command-line tool for managing certificates at: http://www.microsoft.com/security/certinst.exe. You can also have to hack the registry. The registry entry corresponding to the private/public key pair in a client certificate for IE 4.0 is in HKEY_CURRENT_USER\Software\Microsoft\Cryptography\UserKeys\ HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\Certificates You can look at the "blob" value of a particular certificate in the My\Certificate to see which one you are deleting, and it will also contain part of the name of the private key registry entry corresponding to the particular certificate you are looking at. Unfortunately, the certificate authority for the MMC certificate will be unknown. I am working on this problem. ---- Clip Here ---- ---------------------------------------------- Sal Gurnani California Digital Library Technologies Sal.Gurnani@ucop.edu 510-987-9501