Re: MS CA and policy module with VB 6.0

From: David Cross [MS] (dcross_at_online.microsoft.com)
Date: 09/11/03


Date: Thu, 11 Sep 2003 10:31:40 -0700


There is no ICertEncode* interface for the EKU extension.

You will need to declare the CryptEncodeObject API and call it directly from
your VB code, and get the resulting binary blob correctly stored in a
byte-granular BSTR.

The SDK should discuss some of this. One alternative is to write a
VB-callable routine that does this for you.

Another alternative is to hard code the extension value for a client auth
EKU extension (1.3.6.1.5.5.7.3.2) in your VB code, and place that value in a
BSTR to set the extension value.

Use certutil -v on a cert that has the desired extension to see the hex dump
of the extension.

Use certutil -view -restrict requestid=RequestId -out ext:all to see the hex
dump of the extension your policy module stored in the database (or use
certutil -v on the issued certificate) to make sure it is correct.

-- 
David B. Cross [MS]
--
This posting is provided "AS IS" with no warranties, and confers no rights.
http://support.microsoft.com
"morfy" <morfy@NOROUTE.com> wrote in message
news:EDR7b.5520$ZB4.177@reader1.news.jippii.net...
> Hi,
>
> I'm doing research on this field and have created a test policy module
> (made with VB 6) for our test environment. The policy module adds an
> application specific extension and this works fine. But when I look at the
> issued certificate the certificate intended purpose shows <All> (looking
> at the cert for example from IE's tools->internet options->content->
> Certificates or certificates snap-in). This is not what I want, so I
> thought if I add the key_usage extension it would be what I want, but no.
>
> Next step was to add the enhanced key usage extension but didn't find any
> examples of this. After reading and re-reading the platform SDK
> documentation I assume the structure used for this extension is the
> CTL_USAGE (or somewhere in the documentation it was said that it is this
> structure) but how can I use this from VB? As there seems to be no ready
> COM interface to use for this (like the ICertEncodeBitString) to do the
> encoding. Or am I still going wrong here? Or do I have to make a COM
> component made with C++ to do the encoding?
>
> Any pointers on how to accomplish this would be much appreciated :) To
> clarify what I want to do, is that the certificate's only usage is to
> identify the user to a remote computer (1.3.6.1.5.5.7.3.2).
>
> thanks, Antti
>
>
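The two options David describes (call CryptEncodeObject on a CTL_USAGE, or hard-code the encoded blob) both come down to the same DER bytes: the EKU extension value is a SEQUENCE OF OBJECT IDENTIFIER, and for client authentication alone it is the twelve bytes 30 0a 06 08 2b 06 01 05 05 07 03 02. The Python below is an added example, not code from the thread or from the Platform SDK; it produces that blob for any list of dotted OIDs (so it generalizes past the single clientAuth case), decodes it back, and prints a hex dump laid out like the one certutil -v shows, so you can compare against the extension stored in the CA database. The `vb_hex_constant` helper only formats a string for pasting into VB 6 and is my own convenience, not an SDK routine; the extension OID 2.5.29.37 is szOID_ENHANCED_KEY_USAGE.

```python
# Added example: DER-encode and decode an Enhanced Key Usage extension value
# (ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId, RFC 5280).
# This is what CryptEncodeObject(X509_ENHANCED_KEY_USAGE, CTL_USAGE) emits.

SZOID_ENHANCED_KEY_USAGE = "2.5.29.37"        # the extension's own OID
SZOID_PKIX_KP_CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"  # id-kp-clientAuth


def _base128(n):
    """Encode one OID arc as base-128, high bit set on all but the last byte."""
    out = bytearray([n & 0x7F])
    n >>= 7
    while n:
        out.insert(0, 0x80 | (n & 0x7F))
        n >>= 7
    return bytes(out)


def _der_len(n):
    """DER definite-form length: short form below 0x80, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def encode_oid(dotted):
    """DER-encode a dotted OID string as tag 0x06 + length + contents."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID: %s" % dotted)
    body = _base128(arcs[0] * 40 + arcs[1])   # first two arcs share one value
    for a in arcs[2:]:
        body += _base128(a)
    return b"\x06" + _der_len(len(body)) + body


def encode_eku(oids):
    """DER-encode the EKU extension value: SEQUENCE (0x30) of OIDs."""
    if not oids:
        raise ValueError("EKU needs at least one key purpose")
    body = b"".join(encode_oid(o) for o in oids)
    return b"\x30" + _der_len(len(body)) + body


def _read_len(buf, i):
    first = buf[i]
    i += 1
    if first < 0x80:
        return first, i
    n = first & 0x7F
    return int.from_bytes(buf[i:i + n], "big"), i + n


def _decode_oid_body(body):
    arcs, val, pending = [], 0, False
    for b in body:
        val = (val << 7) | (b & 0x7F)
        pending = True
        if not b & 0x80:
            arcs.append(val)
            val, pending = 0, False
    if pending or not arcs:
        raise ValueError("truncated OID arc")
    first = arcs[0]
    top = [0, first] if first < 40 else [1, first - 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in top + arcs[1:])


def decode_eku(der):
    """Parse an EKU extension value back into a list of dotted OIDs (strict)."""
    if not der or der[0] != 0x30:
        raise ValueError("expected SEQUENCE")
    seq_len, i = _read_len(der, 1)
    end = i + seq_len
    if end != len(der):
        raise ValueError("SEQUENCE length does not match blob length")
    oids = []
    while i < end:
        if der[i] != 0x06:
            raise ValueError("expected OBJECT IDENTIFIER at offset %d" % i)
        n, i = _read_len(der, i + 1)
        oids.append(_decode_oid_body(der[i:i + n]))
        i += n
    return oids


def certutil_style_hex(der):
    """Offset-prefixed hex dump, 16 bytes per line, like the certutil -v output."""
    return "\n".join(
        "%04x  %s" % (off, " ".join("%02x" % b for b in der[off:off + 16]))
        for off in range(0, len(der), 16)
    )


def vb_hex_constant(der):
    """Hex string suitable for hard-coding in VB 6 (my convenience, not SDK API)."""
    return "".join("%02x" % b for b in der)


if __name__ == "__main__":
    blob = encode_eku([SZOID_PKIX_KP_CLIENT_AUTH])
    print("extension OID:", SZOID_ENHANCED_KEY_USAGE)
    print(certutil_style_hex(blob))
    print("round trip:", decode_eku(blob))
    print("VB constant:", vb_hex_constant(blob))
```

Whichever route you take in the policy module, run the issued certificate through certutil -v afterwards and compare the dump with the output of this script; a mismatch in the length byte (0x0a here) or a stray trailing byte usually means the BSTR was not packed byte-granular.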

