PKCS #10 Client Certificate Requests from a UNIX Client Are Rejected (286332)


The information in this article applies to:

  • Microsoft Internet Explorer 5.0 for UNIX on Sun Solaris
This article was previously published under Q286332

SYMPTOMS

When you submit a Public-Key Cryptography Standards (PKCS) #10 Client Certificate request from Internet Explorer 5 for UNIX on Solaris (the Sparc platform) to a computer running Certificate Services, the policy manager for the computer running Certificate Services automatically rejects the request.

CAUSE

The problem occurs because WCHAR in Windows is defined as 2-bytes Little Endian and it is defined in UNIX as 4-bytes Big Endian; therefore, the provider name is not sent correctly to the the computer running Certificate Services, which causes the provider names not to match and then triggers the policy to automatically reject the request.

RESOLUTION

A supported fix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Apply it only to computers that are experiencing this specific problem. This fix may receive additional testing. Therefore, if you are not severely affected by this problem, Microsoft recommends that you wait for the next Internet Explorer 5.0 for UNIX on Solaris Service Pack that contains this hotfix.

To resolve this problem immediately, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information about support costs, visit the following Microsoft Web site:

http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS

NOTE: In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The typical support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

The English-language version of this fix should have the following file attributes or later: 
   Size       File name      Operating system
   ------------------------------------------
   1,051,600  Libcrypt32.so  UNIX on Solaris

After you apply the hotfix, use the following steps to install the update:
  1. Copy the Libcrypt32.so.gz file to an open folder on the Solaris computer that hosts the Internet Explorer program (for example, the Tmp folder).
  2. Unzip the file by using the Gunzip utility:

    % gunzip libcrypt32.so.gz

  3. Ensure that the library file is not damaged by using the Cksum utility:

    % cksum libcrypt32.so

    Note that the result should be the following result:

    2578824155 1051600 libcrypt32.so

  4. Change the current folder to the IE/Sunos5 folder in the Internet Explorer installation folder:

    % cd /usr/local/microsoft/ie/sunos5

  5. Remove the damaged version of the Libcrypt32.so file:

    % rm libcrypt32.so

  6. Copy the Libcrypt32.so file to the Usr/Local/Microsoft/IE/Sunos5 (current) folder:

    %cp /tmp/libcrypt32.so

  7. Change the owner and permissions of the file to match the other .so files in the folder, if necessary.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

MORE INFORMATION

For additional information about Big Endian and Little Endian, click the article number below to view the article in the Microsoft Knowledge Base:

102025 Explanation of Big Endian and Little Endian Architecture

Modification Type:MinorLast Reviewed:10/6/2005
Keywords:kbenv kbprb kbQFE KB286332
©2004 Microsoft Corporation. All rights reserved.