Re: correct steps to create X.509 cert



I ran your script again and one problem is that it does not install the new certificate, so you won't see it in the certificate manager snap-in. But I am not sure if this is related to your problems. The following script generates a new certificate and puts it in the *Intermediate CA* store. You will need to manually move it back to the "my" store. I haven't found a solution to that, and it could be a bug in the enrollment COM component.

var CommonName="cn=my name";
var KeyUsage = 4; //CERT_KEY_CERT_SIGN_KEY_USAGE
//CERT_DIGITAL_SIGNATURE_KEY_USAGE 0x80
//CERT_NON_REPUDIATION_KEY_USAGE 0x40
//CERT_KEY_ENCIPHERMENT_KEY_USAGE 0x20
//CERT_DATA_ENCIPHERMENT_KEY_USAGE 0x10
//CERT_KEY_AGREEMENT_KEY_USAGE 0x08
//CERT_KEY_CERT_SIGN_KEY_USAGE 0x04
//CERT_OFFLINE_CRL_SIGN_KEY_USAGE 0x02
//CERT_CRL_SIGN_KEY_USAGE 0x02
//CERT_ENCIPHER_ONLY_KEY_USAGE 0x01

// Self-signed certificate request object
var req = new ActiveXObject("X509Enrollment.CX509CertificateRequestCertificate");

req.Initialize(1); //ContextUser
req.PrivateKey.ProviderName="Microsoft Base Cryptographic Provider v1.0";
req.PrivateKey.Length = 1024;
// Key usage extension built from the flag value chosen above
var ext = new ActiveXObject("X509Enrollment.CX509ExtensionKeyUsage");
ext.InitializeEncode(KeyUsage);
var name = new ActiveXObject("X509Enrollment.CX500DistinguishedName");

name.Encode(CommonName);
req.Subject = name;
req.X509Extensions.Add(ext);
req.Encode();
var cert = req.RawData(0); //XCN_CRYPT_STRING_BASE64HEADER

var enrollment = new ActiveXObject("X509Enrollment.CX509Enrollment");
enrollment.Initialize(1); //ContextUser
//7 = AllowNoOutstandingRequest | AllowUntrustedCertificate | AllowUntrustedRoot
//0 = XCN_CRYPT_STRING_BASE64HEADER, "" = no password
enrollment.InstallResponse(7, cert, 0, "");


"Haitao Li" <lht1999 [at] hotmail.com> wrote in message news:74E0F92E-0A10-470E-A6E3-339B69F59DA0@xxxxxxxxxxxxxxxx
I'll try if you tell me what your problem is.

"prueba prueba" <imrc@xxxxxxxxxxx> wrote in message news:78c6640850d1402ab5b647dd4d5a2e3a@xxxxxxxxxxxxxx
This code doesn't work with Vista, I have several problems with the objects.

Can you help me?
(short25@xxxxxxxxxxx)
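
Added example, not part of the original thread or of the X509Enrollment API: it shows how the one-byte KeyUsage flag value set in the script above maps onto the DER BIT STRING that an X.509 key usage extension carries, and how to decode and validate that encoding when inspecting a certificate. The function names are hypothetical, the usage names are the RFC 5280 ones, and only the first flag byte (the values listed in the script's comments) is handled.

```javascript
// Added example: helper names are illustrative, not part of X509Enrollment.
// Bit values are the CERT_*_KEY_USAGE constants listed in the post (first byte only).
const KEY_USAGE = [
  [0x80, "digitalSignature"],
  [0x40, "nonRepudiation"],
  [0x20, "keyEncipherment"],
  [0x10, "dataEncipherment"],
  [0x08, "keyAgreement"],
  [0x04, "keyCertSign"],
  [0x02, "cRLSign"],
  [0x01, "encipherOnly"],
];

// Encode a one-byte flag value as a DER BIT STRING (tag 0x03).
// DER drops trailing zero bits, so the first content byte records
// how many low-order bits of the last byte are unused.
function encodeKeyUsage(flags) {
  if (!Number.isInteger(flags) || flags < 0 || flags > 0xff) {
    throw new RangeError("flags must be one byte");
  }
  if (flags === 0) return Buffer.from([0x03, 0x01, 0x00]); // empty bit string
  let unused = 0;
  while (((flags >> unused) & 1) === 0) unused++;
  return Buffer.from([0x03, 0x02, unused, flags]);
}

// Decode, rejecting encodings that a strict DER parser would refuse.
function decodeKeyUsage(der) {
  if (der.length < 3 || der[0] !== 0x03 || der[1] !== der.length - 2) {
    throw new Error("not a well-formed BIT STRING");
  }
  const unused = der[2];
  const bytes = der.subarray(3);
  if (bytes.length === 0) {
    if (unused !== 0) throw new Error("empty BIT STRING with unused bits");
    return [];
  }
  if (bytes.length > 1) throw new Error("only one-byte key usage handled here");
  if (unused > 7 || (bytes[0] & ((1 << unused) - 1)) !== 0) {
    throw new Error("unused bits are not zero");
  }
  // Strict DER also needs the last counted bit to be set (no padding zeros).
  if (((bytes[0] >> unused) & 1) === 0) throw new Error("non-minimal encoding");
  return KEY_USAGE.filter(([bit]) => bytes[0] & bit).map(([, name]) => name);
}

console.log(encodeKeyUsage(4).toString("hex"), decodeKeyUsage(encodeKeyUsage(4)));
```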
