Re: Using Microsoft Certificate Server Programmatically

From: Cindy (cindy.fisher_at_emersonProcess.com)
Date: 03/22/04


Date: 22 Mar 2004 08:29:42 -0800

Actually, I'm trying to do this for the client, not the server. Here's
the scenario:

1. Client contacts server (web service) with encrypted registration
info.
2. Upon validation of registration info, the web service creates a
cert request on behalf of the client and sends it to the Certificate
Server.
3. The server issues the certificate (not sure how the web service
gets a hold of the cert).
4. The web service returns the certificate to the client (not sure how
to do this the most secure way).
5. The client installs the certificate and adds it to the trust.

Since we are writing the client and server (web service) code, I
figured this wouldn't be a problem. Any recommendations on how to
return the certificate safely?

Thanks,
cindy

v-raygon@online.microsoft.com (Rhett Gong [MSFT]) wrote in message news:<N8Y2JFEDEHA.3568@cpmsftngxa06.phx.gbl>...
> Hi Cindy,
> From your description, you would like to programmatically generate a certificate request from a Certificate Server, issue the certificate request and install the
> issued certificate to the certificate store.
>
> It seems that you want to do something like the Certificate Wizard which comes with Internet Information Services. Generally, we use ICEnroll::create* to generate a
> certificate request. (For more information, see: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/icenroll.asp)
> Then check the KB article -- "HOW TO: Programmatically Install SSL Certificates for Internet Information Server (IIS)" at:
> http://support.microsoft.com/default.aspx?scid=kb;en-us;313624#3 and let me know if it could help to resolve your problem.
>
> thanks,
> Rhett Gong [MSFT]
> Microsoft Online Partner Support
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
> Please reply to newsgroups only. Thanks.
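
Added example, not part of the original thread and not code from either poster or from Microsoft: steps 2 to 5 of the scenario above, sketched with Go's standard library instead of ICEnroll and Certificate Server. It assumes the party that created the request keeps the private key and already trusts the CA certificate, so the returned certificate can be checked against both before it is installed; `issue`, `checkIssued`, `demo` and the sample names are hypothetical.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue stands in for the Certificate Server (step 3): reject a bad request, else sign its key.
func issue(ca *x509.Certificate, caKey *ecdsa.PrivateKey, csrDER []byte) ([]byte, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil || csr.CheckSignature() != nil {
		return nil, fmt.Errorf("certificate request rejected: unparsable or badly signed (%v)", err)
	}
	leaf := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: csr.Subject, NotBefore: ca.NotBefore,
		NotAfter: ca.NotAfter, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	return x509.CreateCertificate(rand.Reader, leaf, ca, csr.PublicKey, caKey)
}

// checkIssued is the gate before step 5: chain to the CA already trusted, and carry the requested key.
func checkIssued(certDER []byte, ca *x509.Certificate, want *ecdsa.PublicKey) error {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return err
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err = cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	if got, ok := cert.PublicKey.(*ecdsa.PublicKey); err == nil && (!ok || !got.Equal(want)) {
		err = fmt.Errorf("certificate does not carry the requested public key")
	}
	return err
}

func demo() (match, mismatch error) { // constructed sample data; setup errors surface as check failures
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Test CA"}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign, NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	caDER, _ := x509.CreateCertificate(rand.Reader, t, t, &caKey.PublicKey, caKey)
	ca, _ := x509.ParseCertificate(caDER)
	csr, _ := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: pkix.Name{CommonName: "client-01"}}, key)
	certDER, _ := issue(ca, caKey, csr)
	return checkIssued(certDER, ca, &key.PublicKey), checkIssued(certDER, ca, &caKey.PublicKey)
}
func main() { fmt.Println(demo()) }
```

The first value returned by `demo` is the check against the requester's own key and the second is the same certificate checked against an unrelated key, which is refused.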


