Re: PKCS7 renewal request
From: Byron (Byron_at_discussions.microsoft.com)
Date: 09/19/05
Date: Mon, 19 Sep 2005 12:11:15 -0700
Sorry I forgot to post the code...
<%' makeCert.asp - make cert in batch mode
<!-- #include FILE="makeCertCnfTest.inc" -->
<%
'********************************************************************************
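' Build the certificate request for the agent named in the HTTP request.
' Inputs read from the request: "agent" (echoed back, reused later for the
' PFX file name and the DB key) and "name" (passed to createRequest as the
' subject name).
' NOTE(review): nothing visible in this script authenticates the caller or
' checks that the caller may request a certificate for this "name" - confirm
' that access to the page is restricted upstream.
Dim agent
agent = Request("agent")
' HTML-encode the echoed value: it is caller-controlled and is written
' straight into the response body.
response.Write("Agent: " & Server.HTMLEncode(agent & "") & "; ")
Dim CertEnroll, CertRequest, CACert
Set CertEnroll = CreateObject( "CEnroll.CEnroll" )
' From here on runtime errors no longer abort the page; every step must test
' Err explicitly or a failure is silently ignored.
on error resume next
' Finally Create the request
Dim RequestStr, Disposition, ID, Name
' Read the subject name as a plain string. The original used "Set", which
' stores the Request item object rather than its text.
Name = Request("name") & ""
' The key pair is generated on this server and flagged exportable so the
' private key can be written to a PFX file further down.
const CRYPT_EXPORTABLE = 1
CertEnroll.GenKeyFlags = CRYPT_EXPORTABLE
' 1.3.6.1.5.5.7.3.2 is the client-authentication extended key usage OID.
' NOTE(review): XECR_CMC is not defined in this file - presumably it comes
' from makeCertCnfTest.inc; without Option Explicit an undefined name is
' passed as Empty, so confirm it is really defined.
RequestStr = CertEnroll.createRequest( XECR_CMC, Name, "1.3.6.1.5.5.7.3.2")
' KeySpec is read here but not used again in this script.
Dim flags
flags = CertEnroll.KeySpec
if Err.Number <> 0 then
    ' The original statement was split across two lines without a "_"
    ' continuation; it is written on one line here.
    response.Write("Certificate: Error, " & Err.number & ", " & Server.HTMLEncode(Err.Description & "") & "; ")
    response.End
end if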
'*************************************************************************************************
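' Submit the request to the CA identified by StrCAConfig and, when the CA
' issues immediately, install the response into the enrollment object.
' NOTE(review): StrCAConfig and the CR_IN_*, CR_DISP_ISSUED, FR_PROP_*,
' PROPTYPE_* and CR_OUT_* constants are not defined in this file - presumably
' they come from makeCertCnfTest.inc; confirm.
' This section relies on "On Error Resume Next" already being in effect.
Set CertRequest = CreateObject( "CertificateAuthority.Request" )
' The wrapped statements below need "_" continuations to parse.
Disposition = CertRequest.Submit(CR_IN_ENCODEANY Or CR_IN_FORMATANY, _
    RequestStr, "", StrCAConfig )
ID = CertRequest.GetRequestId
'*************************************************************************************************
' get the cert
If Disposition = CR_DISP_ISSUED Then
    Dim Cert
    Cert = CertRequest.GetFullResponseProperty( FR_PROP_FULLRESPONSE, 0, _
        PROPTYPE_BINARY, CR_OUT_BASE64 )
    CertEnroll.acceptResponse Cert
    ' Do not report success when fetching or accepting the response failed;
    ' with errors suppressed the original printed "Ok" regardless.
    If Err.Number <> 0 Then
        response.Write("Certificate: Error, " & Err.number & ", " & Server.HTMLEncode(Err.Description & "") & "; ")
        response.End
    End If
    response.Write("Certificate: Ok " & "; ")
Else
    ' A request that is pending or denied raises no runtime error, so
    ' Err.Description is empty in that case; report the CA's disposition
    ' message instead.
    Dim FailReason
    If Err.Number <> 0 Then
        FailReason = Err.Description & ""
    Else
        FailReason = "disposition " & Disposition & ": " & CertRequest.GetDispositionMessage
    End If
    response.Write("Certificate: Error, " & Server.HTMLEncode(FailReason & "") & "; ")
    response.End
End If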
'*************************************************************************************************
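' Export the new certificate and its private key to a PFX file named
' <PfxRepository><agent><timestamp>.pfx, then read the file back as a hex
' string through the CFS.AuxCert component.
' NOTE(review): PfxRepository and CAPsw are not defined in this file -
' presumably from makeCertCnfTest.inc. The same CAPsw protects every PFX, and
' nothing visible here deletes the file afterwards, so private keys
' accumulate in PfxRepository; confirm that directory's ACL and retention.
Err.Clear
dim Path, binData, currDate, strDat
' "agent" is caller-supplied and becomes part of a file system path. Accept
' only a conservative character set so it cannot carry path separators,
' drive letters or stream names. Widen the pattern if real agent ids need
' other characters.
Dim agentPattern
Set agentPattern = New RegExp
agentPattern.Pattern = "^[A-Za-z0-9_-]+$"
If Not agentPattern.Test(agent & "") Then
    Response.Write("P12 Error: invalid agent; ")
    Response.End
End If
currDate = Now
' NOTE(review): the date parts are not zero-padded, so different instants can
' produce the same digit string (for example month 1 / day 11 and
' month 11 / day 1).
strDat = DatePart("M",currDate) & DatePart("D",currDate) & _
    DatePart("YYYY",currDate) & _
    DatePart("H",currDate) & DatePart("N",currDate) & DatePart("S",currDate)
' "&" always concatenates; "+" would attempt addition on numeric operands.
Path = PfxRepository & agent & strDat & ".pfx"
CertEnroll.createFilePFX CAPsw, Path
Dim fs
Set fs = CreateObject("CFS.AuxCert")
binData = fs.SerializeAsHexaString(Path)
if Err.number <> 0 then
    Response.Write("P12 Error " & Err.number & ": " & Err.Description & "; ")
else
    Response.Write("P12 Ok; ")
end if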
'*************************************************************************************************
' Expiration date: ask the CFS.AuxCert object (fs) for the expiry of the PFX
' just written, opening it with CAPsw.
' NOTE(review): the third argument "-" is presumably a date separator -
' confirm against the component's documentation.
Err.Clear
Dim varDat
varDat = fs.getExpirationDate(Path, CAPsw,"-")
' Errors are suppressed at this point, so the outcome has to be read from Err.
If Err.number = 0 Then
    Response.Write("Date Ok; ")
Else
    Response.Write("Date Error " & Err.number & ": " & Err.Description & "; ")
End If
'*************************************************************************************************
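' Store the issued certificate, its expiry date and the hex-encoded PFX in
' NEWBUS.PKI: update the row for this agent, or insert one when no row was
' updated.
' All values are bound as parameters. The original concatenated request
' values (agent, agentID, agentType) into the SQL text, so a quote in any of
' them changed the statement.
' NOTE(review): ConStr, User and Pasword are not defined in this file -
' presumably from makeCertCnfTest.inc. PKP12 carries the PFX (private key
' included), so the table holds key material protected only by CAPsw.
' This section relies on "On Error Resume Next" already being in effect.

' ADO enum values, declared under local names so this script does not depend
' on adovbs.inc.
Const PKI_AD_VARCHAR = 200      ' DataTypeEnum adVarChar
Const PKI_AD_LONGVARCHAR = 201  ' DataTypeEnum adLongVarChar
Const PKI_AD_PARAM_INPUT = 1    ' ParameterDirectionEnum adParamInput
Const PKI_AD_CMD_TEXT = 1       ' CommandTypeEnum adCmdText

' Append one input text parameter to cmd. Parameters are matched to the "?"
' markers by position, so the call order must follow the statement.
Sub PkiAddTextParam(cmd, paramName, paramType, paramValue)
    Dim textValue, paramSize
    textValue = paramValue & ""     ' coerce Empty/Null to an empty string
    paramSize = Len(textValue)
    If paramSize = 0 Then paramSize = 1   ' variable-length parameters need a non-zero size
    cmd.Parameters.Append cmd.CreateParameter(paramName, paramType, PKI_AD_PARAM_INPUT, paramSize, textValue)
End Sub

Dim Con, Com, Rs, Ret
Dim PKCEXD, PKAGID, PKP12, PKCB64
PKCEXD = varDat
PKAGID = Request("agent")
PKIDAG = Request("agentID")
PKTPAG = Request("agentType")
PKP12 = binData
PKCB64 = Cert
Err.Clear
set Con = Server.CreateObject("ADODB.Connection")
Con.Open ConStr, User, Pasword

' NOTE(review): parameter types are a guess (long text for the certificate
' and PFX, varchar for the rest) - match them to the column definitions.
Set Com = Server.CreateObject("ADODB.Command")
Set Com.ActiveConnection = Con
Com.CommandType = PKI_AD_CMD_TEXT
Com.CommandText = "UPDATE NEWBUS.PKI SET PKCB64=?, PKCEXD=?, PKP12=? WHERE PKAGID=?"
PkiAddTextParam Com, "PKCB64", PKI_AD_LONGVARCHAR, PKCB64
PkiAddTextParam Com, "PKCEXD", PKI_AD_VARCHAR, PKCEXD
PkiAddTextParam Com, "PKP12", PKI_AD_LONGVARCHAR, PKP12
PkiAddTextParam Com, "PKAGID", PKI_AD_VARCHAR, PKAGID
Ret = 0
Com.Execute Ret
If Ret <> 0 then
    response.Write("DB: Update Ok " & "; ")
else
    ' No row updated: insert one. A fresh Command keeps the UPDATE's
    ' parameters from leaking into the INSERT.
    Set Com = Server.CreateObject("ADODB.Command")
    Set Com.ActiveConnection = Con
    Com.CommandType = PKI_AD_CMD_TEXT
    Com.CommandText = "INSERT INTO NEWBUS.PKI (PKAGID, PKCB64, PKCEXD, " & _
        "PKP12, PKIDAG, PKTPAG) VALUES (?, ?, ?, ?, ?, ?)"
    PkiAddTextParam Com, "PKAGID", PKI_AD_VARCHAR, PKAGID
    PkiAddTextParam Com, "PKCB64", PKI_AD_LONGVARCHAR, PKCB64
    PkiAddTextParam Com, "PKCEXD", PKI_AD_VARCHAR, PKCEXD
    PkiAddTextParam Com, "PKP12", PKI_AD_LONGVARCHAR, PKP12
    PkiAddTextParam Com, "PKIDAG", PKI_AD_VARCHAR, PKIDAG
    PkiAddTextParam Com, "PKTPAG", PKI_AD_VARCHAR, PKTPAG
    Ret = 0
    Com.Execute Ret
    If Ret = 0 Then
        response.Write("DB: Error " & "; ")
    else
        response.Write("DB: Insert Ok " & "; ")
    End If
end If
if Err.number <> 0 then
    ' Provider messages can echo statement fragments; encode before output.
    response.Write("DB: Error " & Server.HTMLEncode(Err.Description & "") & "; ")
end if
Con.Close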
%>
"Strohm Armstrong" wrote:
> Have you looked at
> http://msdn.microsoft.com/security/default.aspx?pull=/library/en-us/dncapi/html/certenrollment.asp#certenroll_topic8
>
> It looks like you have most everything except for the call to
> put_RenewalCertificate. I assume you called CertGetCertificateContextProperty
> a second time to actually get the provider information, even though it's not
> in your example code.
>
>
> "crypton" wrote:
>
> > I was not able to create a renewal request with the above code. The
> > code still fails in createRequest.
> >
> > There is almost no documentation available for creating a pkcs7 renewal
> > request.
> >
> >