The CertGetEnhancedKeyUsage function and the ExtendedKeyUsage method of the CAPICOM.Certificate object return the incorrect number of extended key usages on a computer that is running Windows XP or Windows 2000 (899313)



The information in this article applies to:

  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional
  • Microsoft Windows 2000 Server
  • Microsoft Windows XP Professional
  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Media Center Edition

SYMPTOMS

When you use a certificate that contains more than 100 extended key usages (EKUs), the CertGetEnhancedKeyUsage function and the ExtendedKeyUsage method of the CAPICOM.Certificate object return the incorrect number of EKUs. This problem occurs on a computer that is running Microsoft Windows XP or Microsoft Windows 2000.

Note The ExtendedKeyUsage method is implemented by using the CertGetEnhancedKeyUsage function.

CAUSE

This problem occurs because the CertGetEnhancedKeyUsage function has a limit of 100 EKUs. When this limit is exceeded, Windows XP and Windows 2000 do not work correctly. Currently, the use of more than 100 EKUs in a single certificate is not supported.

WORKAROUND

To work around this problem, use one of the following methods:
  • Use 100 or fewer EKUs in a single certificate. If you need more than 100 EKUs, use two or more certificates that each contain fewer than 100 EKUs.
  • Use the CryptDecodeObjectEx function if you use the Microsoft Cryptography API (CryptoAPI) functions. However, the use of more than 100 EKUs in a single certificate is still not supported.
Note There is no workaround for this problem if you use the ExtendedKeyUsage method of the CAPICOM.Certificate object.
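
A check for the limit described above, as an added example (not Microsoft's code and not part of the original article): it counts the EKUs in a certificate's extended key usage extension by parsing the DER value directly, without CryptoAPI, so certificates with more than 100 EKUs can be flagged before they reach Windows XP or Windows 2000 systems. The function names and the sample data are constructed for illustration; the input is assumed to be the raw DER value of the extension.

```python
EKU_LIMIT = 100  # per the article: CertGetEnhancedKeyUsage handles at most 100 EKUs

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER TLV at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length >= 0x80:                     # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, pos, pos + length

def decode_oid(body):
    """Convert DER OID content bytes to dotted-decimal text."""
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    subids, value = [], 0
    for b in body:                         # base-128 digits, high bit = continuation
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            subids.append(value)
            value = 0
    first = min(subids[0] // 40, 2)        # first sub-identifier packs two arcs
    return ".".join(map(str, [first, subids[0] - 40 * first] + subids[1:]))

def list_ekus(ext_value):
    """Decode an EKU extension value: SEQUENCE OF OBJECT IDENTIFIER."""
    tag, pos, end = read_tlv(ext_value, 0)
    if tag != 0x30 or end != len(ext_value):
        raise ValueError("not a single DER SEQUENCE")
    oids = []
    while pos < end:
        tag, start, pos = read_tlv(ext_value, pos)
        if tag != 0x06:
            raise ValueError("non-OID element in EKU list")
        oids.append(decode_oid(ext_value[start:pos]))
    return oids

def audit(ext_value):
    count = len(list_ekus(ext_value))
    return count, count > EKU_LIMIT        # (EKU count, exceeds the 100-EKU limit?)

# Constructed input: 101 OIDs 1.3.6.1.5.5.7.3.<i>; the body is 1010 bytes long
BODY = b"".join(bytes([0x06, 8, 0x2B, 6, 1, 5, 5, 7, 3, i]) for i in range(1, 102))
SAMPLE_101 = b"\x30\x82" + len(BODY).to_bytes(2, "big") + BODY
```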

STATUS

This behavior is by design.

Modification Type: Major
Last Reviewed: 10/18/2005
Keywords:kbtshoot kbprb KB899313 kbAudDeveloper