
Webserver certificate

I have a problem enrolling certificates with "Certificate Type: Computer" by
using the CCertRequest object. Beforehand I create a Certificate Signing
Request via Cenroll.createPKCS10().

The PKCS10 string is passed to the CCertRequest.submit() method which
contacts the MS 2003 Enterprise CA for enrollment. This works fine for
Certificate Templates that have a Certificate Type of User. For example the
enrollment of a Webserver certificate fails because the request is done by
using my AD credentials (<domain>\<My_Account>). The server expects a
computer to make this call.

How can I solve this problem?
Jul 3 '06 #1


Hi Ralf,

Thank you for posting.

From your description, I understand that you're using the Xenroll and
certclient components to create a certificate request and submit it to the
target CA. It works well until you try creating and submitting a server
certificate request, correct?

Based on my research, the problem could be caused by the generated PKCS10
string not meeting the CA's requirements. I've just performed some tests
with an already generated server certificate request, submitting it
through the ICertRequest interface, and it works. For basic testing, you
can use the IIS server to create such a test server certificate request
(saved as a txt file) and then use it to submit the request. After that, you
can check the submitted cert request's attributes in the CA's management
console (if you have permission) to see whether those values differ
from the ones you originally used. Here is a test code snippet I used to create
and submit a server authentication certificate (to an intranet CA):

========================
private void button1_Click(object sender, EventArgs e)
{
    try
    {
        // Request format flags for ICertRequest.Submit
        const int CR_IN_BASE64HEADER = 0;
        const int CR_IN_BASE64 = 0x1;
        const int CR_IN_PKCS10 = 0x100;
        const int CR_IN_KEYGEN = 0x200;

        // Xenroll builds the key pair and the PKCS#10 request;
        // certcli (CCertRequest) submits it to the CA.
        XENROLLLib.ICEnroll4 enroll = new XENROLLLib.CEnroll2Class();
        CERTCLIENTLib.ICertRequest request = new CERTCLIENTLib.CCertRequestClass();

        // Subject distinguished name of the web server
        string strDN = null;
        strDN = "CN=" + "my_web_server_name";
        strDN = strDN + ",O=" + "Microsoft";
        strDN = strDN + ",OU=" + "MSDN";
        strDN = strDN + ",L=" + "SH";
        strDN = strDN + ",S=" + "SH";
        strDN = strDN + ",C=" + "CN";

        string strRequest = null;
        string strAttribs = string.Empty;
        string strCA = "CAServer\\CANAME";   // CA config string: <server>\<CA name>
        enroll.addCertTypeToRequest("Server Authentication");

        // 1.3.6.1.5.5.7.3.1 is the Server Authentication EKU OID
        strRequest = enroll.createPKCS10(strDN, "1.3.6.1.5.5.7.3.1");

        // Submit returns the request disposition code
        int result = request.Submit(CR_IN_BASE64 | CR_IN_PKCS10,
                                    strRequest,
                                    strAttribs,
                                    strCA);

        MessageBox.Show(result.ToString());
    }
    catch (Exception ex)
    {
        MessageBox.Show(ex.ToString());
    }
}
====================

Hope this helps some.

Regards,

Steven Cheng
Microsoft MSDN Online Support Lead
==================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Jul 4 '06 #2
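
An added example, not part of the original posts: the snippet above only displays the integer that Submit returns, so this sketch decodes that disposition and either retrieves the issued certificate or reports why the CA did not issue it. The class and method names and the `template` parameter are hypothetical, and naming the template through a `CertificateTemplate:` request attribute is an assumption about how the Enterprise CA is configured.

```csharp
using System;
using CERTCLIENTLib;   // same COM interop assembly as the post above

static class EnrollmentResult   // hypothetical helper, not from the thread
{
    // Disposition values returned by ICertRequest.Submit (certcli.h)
    const int CR_DISP_DENIED = 2;
    const int CR_DISP_ISSUED = 3;
    const int CR_DISP_UNDER_SUBMISSION = 5;

    const int CR_IN_BASE64 = 0x1;
    const int CR_IN_PKCS10 = 0x100;
    const int CR_OUT_BASE64HEADER = 0;   // PEM-style output with BEGIN/END lines

    // Submits a base64 PKCS#10 request. Returns the issued certificate,
    // or null when the request is held for approval by a CA manager.
    public static string SubmitAndFetch(string pkcs10, string caConfig, string template)
    {
        ICertRequest request = new CCertRequestClass();

        // Assumption: the template is named explicitly, e.g. "WebServer".
        string attribs = "CertificateTemplate:" + template;

        int disposition = request.Submit(CR_IN_BASE64 | CR_IN_PKCS10,
                                         pkcs10, attribs, caConfig);
        switch (disposition)
        {
            case CR_DISP_ISSUED:
                return request.GetCertificate(CR_OUT_BASE64HEADER);

            case CR_DISP_UNDER_SUBMISSION:
                // Keep the request id: it is needed to collect the
                // certificate once the request has been approved.
                Console.WriteLine("Request {0} is pending approval.",
                                  request.GetRequestId());
                return null;

            default:
                // Denied or failed: surface the CA's own explanation
                // (template permissions, subject rules, policy module).
                throw new InvalidOperationException(string.Format(
                    "Request {0} (disposition {1}), status 0x{2:X8}: {3}",
                    disposition == CR_DISP_DENIED ? "denied" : "failed",
                    disposition, request.GetLastStatus(),
                    request.GetDispositionMessage()));
        }
    }
}
```

A denied disposition with a permissions-related message points at the template's enroll rights for the calling account rather than at the PKCS#10 itself.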

Hi Steven,

Thanks for your help! I tried it again with the sample source code you
sent me and now it works. I was using an old version of the interface and
that was responsible for my problems.

Best Regards
Jul 5 '06 #3

Thanks for your followup Ralf,

Glad that you've got it working now.

Have a good day!

Regards,

Steven Cheng
Microsoft MSDN Online Support Lead

Jul 6 '06 #4

Steven,

I'm trying to request a client certificate from a CA running on Windows
2003 Server. I have successfully created both a client and server
certificate and set up a secure asp.net site using those by doing it
manually with the wizards.

I need to be able to request a client certificate from within C# code.
I copied your code in this message thread and put it into a Winforms
app. I updated strCA with my CA path. When I ran the sample I got the
following error on request.Submit:

CCertRequest::Submit The parameter is incorrect. 0x80070057 (WIN32: 87)

I have made several alterations to the code over the past couple of
days, but so far have not been able to resolve this. Any help with this
issue would be greatly appreciated.

Thank you,
Ben
Jul 12 '06 #5
