PRB: Digitally Signed File Cannot Be Confirmed by IE4

• Microsoft ActiveX SDK
• Microsoft SDK for Java, versions 1.5, 1.51

SYMPTOMS

When downloading a digitally signed file, rather than popping up the certificate dialog box as expected, a message box comes up indicating that the file has been digitally signed but that it cannot be confirmed.

CAUSE

Microsoft has recently confirmed a rare certificate verification problem caused by the .reg files offered as part of the tools set of the ActiveX SDK and SDK for Java 1.5x. The problem is that the .reg files, Wvtston.reg and Wvtstoff.reg, set the system to check Verisign's revocation server extraneously. This error occurs only when your system is set to check the revocation server, and the revocation server itself is down.

RESOLUTION

Use SetReg.exe available in the Internet Client SDK's \Inetsdk\Bin folder or the \bin\packsign directory of the SDK for Java 2.0x or later, rather than the .reg files in the ActiveX SDK or older SDK for Java. SetReg.exe should be used to disable Revocation checking on your machine.

By issuing the following command, the revocation server for individual certificates is disabled:

setreg 4 true 

setreg 5 true 

REFERENCES

For more information, please refer to code signing on the MSDN Online Web Workshop. Additionally, you can find information on code signing in the SDK for Java 2.0 or later in the \Sdk-java\Bin\Packsign directory.

Downloading Code on the Web is an excellent article on the MSDN Online Web Workshop that provides information on digital signing. It also contains many links to various resources related to component download.

Additional query words: revocation certificate Verisign

Keywords : kbCodeSign kbIE400 kbIE401 kbSDKJava300 kbIE302 kbSDKJava310 AXSDKCodeSign kbSDKJava320 kbIEFAQ
Version : WINDOWS: 1.5,1.51,4.0,4.01
Platform : WINDOWS
Issue type : kbprb