From: Guru on 3 Jul 2006 14:33

I have a problem enrolling certificates with "Certificate Type: Computer" by using the CCertRequest object. Beforehand I create a Certificate Signing Request via Cenroll.createPKCS10(). The PKCS10 string is passed to the CCertRequest.submit() method, which contacts the MS 2003 Enterprise CA for enrollment.

This works fine for Certificate Templates that have a Certificate Type of User. For example, the enrollment of a Webserver certificate fails because the request is done by using my AD credentials (<domain>\<My_Account>). The server expects a computer to make this call.

How can I solve this problem?

From: Steven Cheng[MSFT] on 4 Jul 2006 06:37

Hi Ralf,

Thank you for posting. From your description, I understand that you're using the Xenroll and certclient components to create a certificate request and submit it to the target CA. It works well until you try creating and submitting a server certificate request, correct?

Based on my research, the problem could be caused by the generated PKCS10 string not meeting the CA's requirement. I've just performed some tests using an already generated server certificate request, submitted it through the ICertRequest interface, and it works. For basic testing, you can use the IIS server to create such a test server certificate request (saved as a txt file) and then use it to submit the request. After that, you can check the submitted cert request's attributes in the CA's management console (if you have permission) to see whether those values differ from the ones you originally used.

Here is a test code snippet I used to create and submit a server authentication certificate (to an intranet CA):

========================
private void button1_Click(object sender, EventArgs e)
{
    try
    {
        // Request format flags for ICertRequest.Submit
        const int CR_IN_BASE64HEADER = 0;
        const int CR_IN_BASE64 = 0x1;
        const int CR_IN_PKCS10 = 0x100;
        const int CR_IN_KEYGEN = 0x200;

        XENROLLLib.ICEnroll4 enroll = new XENROLLLib.CEnroll2Class();
        CERTCLIENTLib.ICertRequest request = new CERTCLIENTLib.CCertRequestClass();

        // Subject distinguished name for the server certificate
        string strDN = null;
        strDN = "CN=" + "my_web_server_name";
        strDN = strDN + ",O=" + "Microsoft";
        strDN = strDN + ",OU=" + "MSDN";
        strDN = strDN + ",L=" + "SH";
        strDN = strDN + ",S=" + "SH";
        strDN = strDN + ",C=" + "CN";

        string strRequest = null;
        string strAttribs = string.Empty;
        string strCA = "CAServer\\CANAME";

        enroll.addCertTypeToRequest("Server Authentication");

        // 1.3.6.1.5.5.7.3.1 is the Server Authentication usage OID
        strRequest = enroll.createPKCS10(strDN, "1.3.6.1.5.5.7.3.1");

        // Submit returns the request disposition code
        int result = request.Submit(CR_IN_BASE64 | CR_IN_PKCS10, strRequest, "", strCA);

        MessageBox.Show(result.ToString());
    }
    catch (Exception ex)
    {
        MessageBox.Show(ex.ToString());
    }
}
====================

Hope this helps some.

Regards,

Steven Cheng
Microsoft MSDN Online Support Lead

==================================================
When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no rights.)

From: Guru on 5 Jul 2006 15:09

Hi Steven,

Thanks for your help! I tried it again with the sample source code you have sent me and now it works. I was using an old version of the interface and that was responsible for my problems.

Best Regards

From: Steven Cheng[MSFT] on 5 Jul 2006 22:25

Thanks for your followup Ralf,

Glad that you've got it working now.

Have a good day!

Regards,

Steven Cheng
Microsoft MSDN Online Support Lead

From: jonesbf on 12 Jul 2006 14:23

Steven,

I'm trying to request a client certificate from a CA running on Windows 2003 Server. I have successfully created both a client and server certificate and set up a secure asp.net site using those by doing it manually with the wizards. I need to be able to request a client certificate from within C# code.

I copied your code in this message thread and put it into a Winforms app. I updated strCA with my CA path. When I ran the sample I got the following error on request.Submit:

CCertRequest::Submit The parameter is incorrect. 0x80070057 (WIN32: 87)

I have made several alterations to the code over the past couple of days, but so far have not been able to resolve this. Any help with this issue would be greatly appreciated.

Thank you,
Ben

Steven Cheng[MSFT] wrote:
> Thanks for your followup Ralf,
>
> Glad that you've got it working now.
>
> Have a good day!
>
> Regards,
>
> Steven Cheng
> Microsoft MSDN Online Support Lead
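
Added example, not part of the thread and not Microsoft's code: a helper around the same ICertRequest.Submit call that interprets the returned disposition instead of only displaying the number, and surfaces the HRESULT when the call itself fails, as in the last post. It assumes the CERTCLIENTLib interop reference used in the sample above; the class and method names are hypothetical.

```csharp
using System;
using System.Runtime.InteropServices;

// Added example; assumes the CERTCLIENTLib COM interop reference used in the thread.
static class CaSubmitHelper   // hypothetical name
{
    const int CR_IN_BASE64 = 0x1, CR_IN_PKCS10 = 0x100;   // request encoding flags
    const int CR_OUT_BASE64HEADER = 0x0;                   // base64 output with BEGIN/END lines
    // Disposition codes returned by ICertRequest.Submit (certcli.h).
    const int CR_DISP_ISSUED = 3, CR_DISP_UNDER_SUBMISSION = 5;

    // pkcs10: base64 request from createPKCS10; caConfig: "CAServer\\CANAME" form.
    // attributes: request attribute string; the thread's sample passes "".
    // Returns the issued certificate, or throws with the CA's explanation.
    public static string SubmitRequest(string pkcs10, string caConfig, string attributes)
    {
        CERTCLIENTLib.ICertRequest request = new CERTCLIENTLib.CCertRequestClass();
        int disposition;
        try
        {
            disposition = request.Submit(CR_IN_BASE64 | CR_IN_PKCS10, pkcs10, attributes, caConfig);
        }
        catch (Exception ex)
        {
            // The call itself failed. The runtime maps E_INVALIDARG (0x80070057) to
            // ArgumentException, so read the HRESULT instead of catching COMException only.
            int hr = Marshal.GetHRForException(ex);
            throw new InvalidOperationException(
                string.Format("Submit failed, HRESULT 0x{0:X8}: {1}", hr, ex.Message), ex);
        }

        if (disposition == CR_DISP_ISSUED)
            return request.GetCertificate(CR_OUT_BASE64HEADER);

        if (disposition == CR_DISP_UNDER_SUBMISSION)
            // Held for CA manager approval; the ID is needed for RetrievePending later.
            throw new InvalidOperationException(
                "Request pending, request ID " + request.GetRequestId());

        // Denied, error or incomplete: report the CA's status code and message.
        throw new InvalidOperationException(string.Format(
            "Disposition {0}, status 0x{1:X8}: {2}",
            disposition, request.GetLastStatus(), request.GetDispositionMessage()));
    }
}
```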