Re: How could my program support enterprise CA?
From: Alon Bar-Lev (alon_at_xor-t.com)
Date: 05/12/04
- Next message: Ivan Mayrakov: "Re: Custom GINA.DLL and Windows XP themes"
- Previous message: Alon Bar-Lev: "Authenticode Timestamp Protocol"
- In reply to: Allie: "How could my program support enterprise CA?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 12 May 2004 19:33:23 +0200
Dear Allie,
This is the classic question...
It can be done, but It invloves in C++ programming...
You need to create a pkcs10 request and sign it using certificate request
agent certificate into a pkcs#7.
The pkcs#7 must have an authenticated attribute as name value pair, when
name is RequesterName and value is the target SAM account.
1. You encode the name value pair using CryptEncodeObject with
szOID_ENROLLMENT_NAME_VALUE_PAIR ("RequesterName", "XXX\SAM User") from
CRYPT_ENROLLMENT_NAME_VALUE_PAIR to CRYPT_ATTR_BLOB.
2. You make CRYPT_ATTRIBUTE to point to it.
3. You sign a pkcs#10 as binary data using CryptSignMessage put the
CRYPT_ATTRIBUTE as an authenticated attribute.
4. Use ICertRequest to forward your request to the CA.
Best Regards,
Alon Bar-Lev.
"Allie" <moonghost@tom.com> wrote in message
news:%23ra$sjJNEHA.3348@TK2MSFTNGP09.phx.gbl...
> Hello all,
> How could I using my own program to issue certificates support
microsoft
> enterprise CA?
> eg.sending a request to enterprise CA and then the enterprise CA issue
a
> cert to a AD user?
> What should I do with this request?
>
>
- Next message: Ivan Mayrakov: "Re: Custom GINA.DLL and Windows XP themes"
- Previous message: Alon Bar-Lev: "Authenticode Timestamp Protocol"
- In reply to: Allie: "How could my program support enterprise CA?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
