
List:       ms-cryptoapi
Subject:    Re: Certificate Enrollement Control (Xenroll) and renewal request
From:       aLUNZ <ascott () SIGNET ! ORG ! AU>
Date:       1998-04-16 21:43:58


In a word... Dang!

We knew that we could write a control to do whatever we wanted (how about an
enrolment control that exports and forwards the private key at the time of
the request? Wouldn't that keep some conspiracy nuts happy!) but we wanted
to avoid doing that.

Xenroll was our preferred control (being Microsoft approved and all that),
and when we started playing it seemed like most of what we needed was there
(UseExistingKeySet property etc.).

It's just a pain that Xenroll does MOST of what we want to do but doesn't
have that last little extra bit to make it work.

So how do other people renew certificates?

aLUNZ

-----Original Message-----
From: Keith Vogel <keithv@MICROSOFT.COM>
To: CryptoAPI@DISCUSS.MICROSOFT.COM <CryptoAPI@DISCUSS.MICROSOFT.COM>
Date: Friday, 17 April 1998 2:37
Subject: Re: Certificate Enrollement Control (Xenroll) and renewal requests


Instead of going at it from the key container to the certificate, go at it
from the certificate to the key container. In the "MY" store there is some
certificate you want to renew. You can search for that via CN or whatever.
Hanging off of that is the CERT_KEY_PROV_INFO_PROP_ID. That property will
contain the keyspec, provider, and key container name you need. Use this
information to set the information in XEnroll.

There is no WEB based way to get to the "MY" store so you will either have
to write your own control using the CryptoAPI store functions, or you can do
the whole thing in C calling XEnroll through the IDispatch interface.

        KeithV


-----Original Message-----
From: aLUNZ [mailto:ascott@SIGNET.ORG.AU]
Sent: Wednesday, April 15, 1998 11:27 PM
To: CryptoAPI@DISCUSS.MICROSOFT.COM
Subject: Certificate Enrollement Control (Xenroll) and renewal requests


G'day,

Am attempting to use Xenroll to generate Certificate Renewal requests; that
is, generate a Certificate Request based on an existing browser
certificate/key pair.

Attached is a sample web page [1] that is our attempt to do this thing. With
this page we are able to select the required CSP, further select the
individual certificate container and then produce a PKCS10 cert request for
the specified container.

The problem comes in the selection of the certificate container. The only
information available about the selected container is its name, which, more
often than not, is a GUID. This is not necessarily useful information when
selecting certificates.

Is there any way, using scripting within a Browser, to get more information
(e.g. SubjectDN, IssuerDN etc.) about the certificate stored in a named
Container?

Thanx,
aLUNZ
Oppressed Peasant at
Signet Systems Pty. Ltd.

[1] At least, it would have been, if posting to this mail list group were
not limited to 250 lines. If you really want to view the page, reply by
eMail and it will be sent by the same. If enough people are interested, then
it will be moved to a ftp site somewhere.
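
The certificate-to-key-container lookup described in Keith Vogel's reply, sketched in C with the CryptoAPI store functions. This is an added example, not code from the thread or from Microsoft; the subject string "Example User" and the helper names `keyspec_name` and `list_key_containers` are assumptions, and the store code builds only on Windows (link with crypt32.lib). It reads the provider, container name and keyspec only, never key material.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Keyspec values from wincrypt.h: AT_KEYEXCHANGE = 1, AT_SIGNATURE = 2. */
const char *keyspec_name(unsigned long spec)
{
    switch (spec) {
    case 1:  return "AT_KEYEXCHANGE";
    case 2:  return "AT_SIGNATURE";
    default: return "unknown";
    }
}

#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>

/* Print provider, container and keyspec for each "MY" cert whose subject
   contains cn. Returns the number printed, or -1 if the store won't open. */
int list_key_containers(const wchar_t *cn)
{
    int found = 0;
    PCCERT_CONTEXT cert = NULL;
    HCERTSTORE store = CertOpenSystemStoreW(0, L"MY");
    if (!store) return -1;
    /* Passing the previous context back in frees it and continues the search. */
    while ((cert = CertFindCertificateInStore(store,
                X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0,
                CERT_FIND_SUBJECT_STR_W, cn, cert)) != NULL) {
        DWORD cb = 0;
        CRYPT_KEY_PROV_INFO *info;
        /* Sizing call; fails when no private key is linked to the cert. */
        if (!CertGetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, NULL, &cb))
            continue;
        info = (CRYPT_KEY_PROV_INFO *)malloc(cb);
        if (info && CertGetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, info, &cb)) {
            printf("provider=%ls container=%ls keyspec=%s\n", info->pwszProvName,
                   info->pwszContainerName, keyspec_name(info->dwKeySpec));
            found++;
        }
        free(info);
    }
    CertCloseStore(store, 0);
    return found;
}
int main(void) { return list_key_containers(L"Example User") < 0; } /* constructed CN */
#else
int main(void) { puts("CryptoAPI store calls need Windows"); return 0; }
#endif
```

The three printed values are the ones the reply says to feed into XEnroll for the renewal request.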
