The Certificate Enrollment API and Cryptography API provided by Microsoft enable us to programmatically apply for a certificate and install it on the local machine.
After referring to the sample code (enrollWithICertRequest3) which comes with the Windows SDK 7.0, I found that it is possible to apply for a certificate via web service with the ICertRequest3 interface. It is cool, but the side effect is that the certificate we applied for has to be installed on the local machine before we can call the CreatePFX method to extract the final certificate file (with a private key included).
After digging into the ICertRequest3 interface I found the GetCertificate method. But what I can get from this method is a certificate surrounded with "----begin cert--- ---end cert---", which does not contain the private key information in it.
I do not know if I have made myself clear enough here. So what I do need is to apply for a certificate via web programmatically but without having to install it on the local machine. The final PFX file is the key point :(
Below is the sample code snippet for your information.
    // Get the full response for installation
    hr = request3_interface->GetFullResponseProperty(
        FR_PROP_FULLRESPONSENOPKCS7,  // [in] LONG PropId (FR_PROP_*)
        0,                            // [in] LONG PropIndex
        PROPTYPE_BINARY,              // [in] LONG PropType (PROPTYPE_*)
        CR_OUT_BASE64,                // [in] LONG Flags (CR_OUT_*)
        &var_fullresponse);           // [out, retval] VARIANT *pvarPropertyValue
    if (FAILED(hr)) goto error;

    // Install the response (this writes the certificate into the local store)
    hr = enroll2_interface->InstallResponse2(
        AllowNone,                    // [in] InstallResponseRestrictionFlags Restrictions
        var_fullresponse.bstrVal,     // [in] BSTR strResponse
        XCN_CRYPT_STRING_BASE64,      // [in] EncodingType Encoding
        bstr_policyserver_password,   // [in] BSTR strPassword
        bstr_policyserver_url,        // [in] BSTR strEnrollmentPolicyServerUrl
        bstr_policyserver_id,         // [in] BSTR strEnrollmentPolicyServerID
        PsfNone,                      // [in] PolicyServerUrlFlags EnrollmentPolicyServerFlags
        policy_server_authtype);      // [in] X509EnrollmentAuthFlags authFlags
    if (FAILED(hr)) goto error;

    // Export the installed certificate together with its private key as a PFX
    hr = enroll2_interface->CreatePFX(
        pwd,                          // [in] BSTR strPassword
        PFXExportEEOnly,              // [in] PFXExportOptions ExportOptions
        XCN_CRYPT_STRING_BASE64,      // [in] EncodingType Encoding
        &cert_raw);                   // [out, retval] BSTR *pValue
    if (FAILED(hr)) goto error;
Any kind of advice will be appreciated. Looking forward to your reply.
Yours,
Jordan
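The same CertEnroll COM flow, driven from PowerShell instead of C++ so it can be tried without a compiler, as an added example that is not part of the poster's code. It isolates the setting that decides whether CreatePFX can wrap the private key at all: the key's ExportPolicy, which must allow export when the key pair is generated, before the request is built. The enumeration values are the numeric constants from certenroll.h. The subject name, the empty template name and the CA response string are placeholders; obtaining the response from the enrollment web service is assumed to happen out of band and is not shown.

```powershell
# Added example (not the poster's code): CertEnroll COM from PowerShell.
# Shows key generation with an exportable key, PKCS#10 request creation,
# response installation and PFX export. The CA response is a placeholder.

# Numeric enumeration values from certenroll.h (COM from PowerShell has no symbolic names).
$ContextUser                  = 1   # X509CertificateEnrollmentContext::ContextUser
$XCN_AT_KEYEXCHANGE           = 1   # X509KeySpec
$XCN_NCRYPT_ALLOW_EXPORT_FLAG = 1   # X509PrivateKeyExportFlags
$XCN_CRYPT_STRING_BASE64      = 1   # EncodingType
$AllowNone                    = 0   # InstallResponseRestrictionFlags
$PFXExportEEOnly              = 0   # PFXExportOptions

# 1. Generate the key pair in the user's key store and mark it exportable.
#    Without the export flag the certificate can still be installed, but
#    CreatePFX cannot include the private key and the export fails.
$key = New-Object -ComObject X509Enrollment.CX509PrivateKey
$key.ProviderName   = 'Microsoft Enhanced RSA and AES Cryptographic Provider'
$key.KeySpec        = $XCN_AT_KEYEXCHANGE
$key.Length         = 2048
$key.MachineContext = $false
$key.ExportPolicy   = $XCN_NCRYPT_ALLOW_EXPORT_FLAG
$key.Create()

# 2. Build a PKCS#10 request bound to that key. The template name is left empty
#    here (assumption: a CA that accepts template-less requests); set it for a real template.
$req = New-Object -ComObject X509Enrollment.CX509CertificateRequestPkcs10
$req.InitializeFromPrivateKey($ContextUser, $key, '')
$dn = New-Object -ComObject X509Enrollment.CX500DistinguishedName
$dn.Encode('CN=example-user', 0)          # placeholder subject; 0 = XCN_CERT_NAME_STR_NONE
$req.Subject = $dn

$enroll = New-Object -ComObject X509Enrollment.CX509Enrollment
$enroll.InitializeFromRequest($req)
$csrBase64 = $enroll.CreateRequest($XCN_CRYPT_STRING_BASE64)
# $csrBase64 is what goes to the CA (enrollment web service, certreq, ...).

# 3. Install the CA's response. This is the step that writes the certificate into the
#    user's store and binds it to the key container created in step 1; CreatePFX
#    needs that binding to find the private key.
$responseBase64 = '<PLACEHOLDER: base64 response returned by the CA>'   # constructed placeholder
$enroll.InstallResponse($AllowNone, $responseBase64, $XCN_CRYPT_STRING_BASE64, '')

# 4. Export certificate plus private key as a password-protected PFX (end-entity only).
$pfxPassword = Read-Host 'PFX password'
$pfxBase64   = $enroll.CreatePFX($pfxPassword, $PFXExportEEOnly, $XCN_CRYPT_STRING_BASE64)
[IO.File]::WriteAllBytes("$env:TEMP\enrolled.pfx", [Convert]::FromBase64String($pfxBase64))
```

The order matters: ExportPolicy is a property of the key at creation time, so it cannot be switched on after InstallResponse has bound the certificate to a non-exportable key. Once the PFX has been written, the copy in the certificate store can be removed with Remove-Item on the Cert: drive, which is the closest the CertEnroll model offers to "never installed"; the private key itself still lives in the key container until that is deleted as well.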