Re: CertOpenStore with

From: Sergio Dutra [MS] (sergio_at_online.microsoft.com)
Date: 10/08/04


Date: Fri, 8 Oct 2004 08:06:15 -0700

I do not think that you can use the CERT_STORE_CREATE_NEW flag with LDAP
stores. The code should not create any new containers in the AD to be able
to store certificates. You should just be able to open the LDAP store and
then add/enum/delete certificates from it.

-- 
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
"Tomek" <tomasz.kustra@comprzeszow.pl> wrote in message 
news:eGetZhpoEHA.3392@TK2MSFTNGP15.phx.gbl...
>I want to send a generated certificate to LDAP (iPlanet).
> And when I call CertOpenStore I get E_ACCESSDENIED....
>
>
>
> ULONG ulLdapRes=0;
> HCERTSTORE hSt =NULL;
> CERT_LDAP_STORE_OPENED_PARA LdapPara;
>
> PLDAP hLdap = ldap_init("localhost",389);
> ulLdapRes=ldap_bind(hLdap,"uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot","qwert6",LDAP_AUTH_SIMPLE);
> // -OK -
> /*
>  .......
> */
>
>
> LdapPara.pvLdapSessionHandle=hLdap;
> // -OK -
>
> /*
>   And now what to do? Is it a good URL or must it be only 
> L"uid=test,ou=OrgUnit,dc=Some?userCertificate"
> or
> L"uid=test,ou=OrgUnit,dc=Some"
>
> */
> LdapPara.pwszLdapUrl=L"LDAP://localhost:389/uid=test,ou=OrgUnit,dc=Some?userCertificate";
> //--------------
>
> hSt=CertOpenStore(CERT_STORE_PROV_LDAP,X509_ASN_ENCODING,NULL,CERT_LDAP_STORE_OPENED_FLAG
> |CERT_LDAP_STORE_UNBIND_FLAG | CERT_STORE_CREATE_NEW_FLAG,&LdapPara);
>
> /*
>  .......
> */
> CertCloseStore(hSt,0);
>
>
> Tomek 

