
How to interface to Certificate Authority from C#

Redpay - 29 Nov 2007 10:44 GMT
Hi,

I am looking for suggestions / best practices for creating a C# client
application that can communicate with a Microsoft Certificate Authority
running on a Windows 2003 server. The application would like to submit
PKCS#10 certificate signing requests and recover the issued certificates in
PKCS#7 format.

Thank you in advance for any suggestions.

Richard
Dominick Baier - 29 Nov 2007 10:55 GMT
There is a COM component called xenroll.dll - this is what the Windows CA
asp pages use. Not the nicest interface - but that's "the" way of doing it.

-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

> Hi,
>
[quoted text clipped - 7 lines]
>
> Richard
Redpay - 29 Nov 2007 12:36 GMT
Dear Dominick Baier.

Thank you very much for taking the time to suggest xenroll. My initial
question was not clear, so let me elaborate a little more.

I am looking for suggestions on how to submit the PKCS#10 string returned
from Xenroll's "ICEnroll4::createPKCS10" method to a Microsoft CA and
retrieve the PKCS#7 result. We also need to retrieve CRLs from the CA, get a
list of issued certs, etc...

We use xenroll on the client machine to generate the PKCS#10 request as a
string response and to import the PKCS#7 returned from a CA.

This client PC where Xenroll runs has no direct network connectivity to the
Microsoft Server hosting the CA. Rather, the PKCS#10 request is communicated
via a message queue to a remote Registration Authority (RA) who is expected
to submit the PKCS#10 to a CA via a network connection local to the RA. The
RA must then return the PKCS#7 response from the RA back via the message
queues where it would be installed on the client using xenroll.

I suspect that I need to use the following interfaces,
ICertRequest2::GetCACertificate and members from ICertAdmin2

Header Declared in Certcli.h; include Certsrv.h.
Library Use Certidl.lib.
DLL Requires Certcli.dll.  
IID IID_ICertRequest2 is defined as A4772988-4A85-4FA9-824E-B5CF5C16405A.

Was wondering if anyone else has tried this or something similar.

Regards
Richard
Dominick Baier - 29 Nov 2007 13:32 GMT
Well -

I don't know exactly how it works - but I would have a look how the CA webpage
does it when you use the "send PKCS#10 request" option.

-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

> Dear Dominick Baier.
>
[quoted text clipped - 29 lines]
> Regards
> Richard
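
The RA-side step discussed in this thread (hand a base64 PKCS#10 to the CA, get a PKCS#7 back) sketched as an added example; it is not code from either poster. It assumes C# 4 or later for `dynamic` late binding to the certcli.dll request object (ProgID `CertificateAuthority.Request`), and the class name, method names, CA config string and template attribute are placeholders.

```csharp
using System;
using System.Runtime.InteropServices;

// Added example (hypothetical helper): runs on the RA host, which can reach the CA.
static class RaCertClient
{
    // Flag and disposition values as defined in certcli.h
    const int CR_IN_BASE64 = 0x1, CR_IN_PKCS10 = 0x100;
    const int CR_OUT_BASE64 = 0x1, CR_OUT_CHAIN = 0x100;
    const int CR_DISP_ISSUED = 3, CR_DISP_UNDER_SUBMISSION = 5;

    // caConfig is "<CA host>\<CA name>". attributes may be empty for a standalone CA,
    // or e.g. "CertificateTemplate:<TemplateName>" for an enterprise CA (placeholder).
    // Returns the base64 PKCS#7 (certificate plus chain), or null if the request is
    // pending; pendingId then holds the id to poll with RetrievePending().
    public static string Submit(string pkcs10Base64, string caConfig,
                                string attributes, out int pendingId)
    {
        pendingId = 0;
        dynamic req = Activator.CreateInstance(
            Type.GetTypeFromProgID("CertificateAuthority.Request", true));
        try
        {
            int disp = req.Submit(CR_IN_BASE64 | CR_IN_PKCS10,
                                  pkcs10Base64, attributes, caConfig);
            return Finish(req, disp, ref pendingId);
        }
        finally { Marshal.ReleaseComObject((object)req); }
    }

    // Poll a request that a CA manager had to approve first.
    public static string RetrievePending(int requestId, string caConfig)
    {
        dynamic req = Activator.CreateInstance(
            Type.GetTypeFromProgID("CertificateAuthority.Request", true));
        try
        {
            int disp = req.RetrievePending(requestId, caConfig);
            return Finish(req, disp, ref requestId);
        }
        finally { Marshal.ReleaseComObject((object)req); }
    }

    static string Finish(dynamic req, int disp, ref int pendingId)
    {
        if (disp == CR_DISP_ISSUED)
            return req.GetCertificate(CR_OUT_BASE64 | CR_OUT_CHAIN);
        if (disp == CR_DISP_UNDER_SUBMISSION) { pendingId = req.GetRequestId(); return null; }
        // Denied, error or incomplete: surface the CA's own message to the queue caller.
        throw new InvalidOperationException(
            "CA disposition " + disp + ": " + req.GetDispositionMessage());
    }
}
```

The returned PKCS#7 string is what the RA would put on the return queue for the client to install with xenroll; the account the RA runs under needs the Request Certificates permission on the CA.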
