RE: Certificate Install Problem



From your description, it seems the problem is with the usage property. Try to set
the usage with another
CertSetCertificateContextProperty(CERT_ENHKEY_USAGE_PROP_ID) call.

Laszlo Elteto
SafeNet, Inc.

"ersin" wrote:

Hello,

I am using Windows 2003 CA server to issue Client Authentication
certificates on smartcards. When I install the certificate through the
CA server's web page (i.e. http://server/certsrv) I can use this
certificate and related smartcard without any problem. However if I
delete the certificate from the IE certificate store and re-install it
using CertSetCertificateContextProperty function (I use a custom
program for doing this) I cannot use this certificate with some
programs. (It can be used with Outlook but not with Cisco VPN client
program).

I would like to learn if the code I am using to install the
certificate to the certificate store is correct or not. I am attaching
a copy of the function.

Ersin.

-----------------------------------
#include <windows.h>
#include <wincrypt.h>
#include <stdlib.h>

int CFunctions::ImportCertificatetoIEStore(char* containerName,
                                           unsigned char* pbCert, int cbCert)
{
    PCCERT_CONTEXT pCertContext = NULL;
    HCERTSTORE hCertStore = NULL;

    // Open the current user's personal ("MY") certificate store.
    hCertStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, MY_ENCODING_TYPE,
                               0, CERT_SYSTEM_STORE_CURRENT_USER, L"MY");
    if (!hCertStore) {
        writeMyLog("ImportCertificatetoIEStore",
                   "importCertificate - CertOpenSystemStore - CERT_OPEN_STORE_ERROR, "
                   "during importing cert, Error No: 0x%x", GetLastError());
        return CERT_OPEN_STORE_ERROR;
    }

    // Add the DER-encoded certificate, replacing any existing copy.
    if (!CertAddEncodedCertificateToStore(hCertStore, X509_ASN_ENCODING,
            pbCert, cbCert, CERT_STORE_ADD_REPLACE_EXISTING, &pCertContext)) {
        writeMyLog("ImportCertificatetoIEStore",
                   "importCertificate - CertAddCertificateContextToStore - "
                   "CERT_ADD_CERT_TO_STORE_ERROR, during importing cert, "
                   "Error No: 0x%x", GetLastError());
        // Message text (Turkish): "An error occurred while adding the
        // certificate to the store"; title: "ERROR".
        MessageBox(NULL, "Sertifika depoya atılırken bir hata oluştu",
                   "HATA", MB_OK);
        CertCloseStore(hCertStore, 0);
        return CERT_ADD_CERT_TO_STORE_ERROR;
    }

    // Public key of the imported certificate (not used further below).
    DWORD dwKeyLen = pCertContext->pCertInfo->SubjectPublicKeyInfo.PublicKey.cbData;
    BYTE* pbPubKey = pCertContext->pCertInfo->SubjectPublicKeyInfo.PublicKey.pbData;

    DWORD keyUsageType = AT_KEYEXCHANGE;

    CRYPT_KEY_PROV_INFO CryptKeyProvInfo;
    DWORD dwPropId = CERT_KEY_PROV_INFO_PROP_ID;
    DWORD dwFlags = CERT_STORE_NO_CRYPT_RELEASE_FLAG;

    // The container and provider names must be converted to wide characters.
    // Fixed-size, zero-initialised buffers keep the result NUL-terminated and
    // bound the copy. "provider" is not declared in the posted function; it is
    // presumably a class member holding the CSP name.
    wchar_t wszContainer[512] = {0};
    wchar_t wszProvider[512] = {0};
    if (mbstowcs(wszContainer, containerName, 511) == (size_t)-1 ||
        mbstowcs(wszProvider, provider, 511) == (size_t)-1) {
        CertFreeCertificateContext(pCertContext);
        CertCloseStore(hCertStore, 0);
        return -1;
    }

    // Initialize the CRYPT_KEY_PROV_INFO data structure.
    CryptKeyProvInfo.pwszContainerName = wszContainer;
    CryptKeyProvInfo.pwszProvName = wszProvider;
    CryptKeyProvInfo.dwProvType = PROV_RSA_FULL;
    CryptKeyProvInfo.dwFlags = CERT_SET_KEY_PROV_HANDLE_PROP_ID;
    CryptKeyProvInfo.cProvParam = 0;
    CryptKeyProvInfo.rgProvParam = NULL;
    CryptKeyProvInfo.dwKeySpec = keyUsageType;

    // Set the property.
    if (!CertSetCertificateContextProperty(
            pCertContext,       // The certificate on which the property is set.
            dwPropId,           // Property to set: CERT_KEY_PROV_INFO_PROP_ID
            dwFlags,            // CERT_STORE_NO_CRYPT_RELEASE_FLAG
            &CryptKeyProvInfo)) // The property data.
    {
        writeMyLog("ImportCertificatetoIEStore",
                   "importCertificate - CertSetCertificateContextProperty - "
                   "CERT_SET_CONTEXT_PROP_ERROR, during importing cert, "
                   "Error No: 0x%x", GetLastError());
        CertFreeCertificateContext(pCertContext);
        CertCloseStore(hCertStore, 0);
        return CERT_SET_CONTEXT_PROP_ERROR;
    }

    CertFreeCertificateContext(pCertContext);
    CertCloseStore(hCertStore, CERT_CLOSE_STORE_FORCE_FLAG);

    return 1;
}
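
Added example, not part of the original thread: the property named in the reply, CERT_ENHKEY_USAGE_PROP_ID, takes a CRYPT_DATA_BLOB holding a DER-encoded CERT_ENHKEY_USAGE, and the code below builds that encoding portably and, on Windows, attaches it to the certificate context. The choice of the Client Authentication OID (taken from the post's description of the certificates) and the names der_oid, der_eku_client_auth and SetClientAuthUsage are assumptions.

```c
#include <stdint.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#endif

/* DER-encode one OBJECT IDENTIFIER from its arcs; returns bytes written, 0 on error. */
static size_t der_oid(const uint32_t *arc, size_t n, uint8_t *out, size_t cap)
{
    uint8_t body[64], tmp[5];
    size_t len = 0;
    if (n < 2 || arc[0] > 2 || (arc[0] < 2 && arc[1] > 39) || arc[1] > UINT32_MAX - 80) return 0;
    for (size_t i = 1; i < n; i++) {
        /* The first two arcs share one value: 40 * arc0 + arc1. */
        uint32_t v = (i == 1) ? arc[0] * 40 + arc[1] : arc[i];
        size_t k = 0;
        do { tmp[k++] = (uint8_t)(v & 0x7f); v >>= 7; } while (v);
        if (len + k > sizeof body) return 0;
        /* Base-128, most significant group first; high bit set means more follows. */
        while (k--) body[len++] = (uint8_t)(tmp[k] | (k ? 0x80 : 0));
    }
    if (len + 2 > cap) return 0;
    out[0] = 0x06;                 /* tag: OBJECT IDENTIFIER */
    out[1] = (uint8_t)len;         /* short-form length, len <= 64 */
    memcpy(out + 2, body, len);
    return len + 2;
}

/* SEQUENCE OF OID with one usage, id-kp-clientAuth 1.3.6.1.5.5.7.3.2 (assumed choice). */
size_t der_eku_client_auth(uint8_t *out, size_t cap)
{
    static const uint32_t client_auth[] = {1, 3, 6, 1, 5, 5, 7, 3, 2};
    size_t n = (cap < 2) ? 0 : der_oid(client_auth, 9, out + 2, cap - 2);
    if (n == 0) return 0;
    out[0] = 0x30;                 /* tag: SEQUENCE */
    out[1] = (uint8_t)n;
    return n + 2;
}
#ifdef _WIN32
/* Attach the encoded usage to a certificate context that is already in the store. */
BOOL SetClientAuthUsage(PCCERT_CONTEXT pCertContext)
{
    BYTE der[32];
    CRYPT_DATA_BLOB blob = { (DWORD)der_eku_client_auth(der, sizeof der), der };
    return blob.cbData != 0 && CertSetCertificateContextProperty(
        pCertContext, CERT_ENHKEY_USAGE_PROP_ID, 0, &blob);
}
#endif
```

In the posted function, SetClientAuthUsage(pCertContext) would be called after the CERT_KEY_PROV_INFO_PROP_ID property is set and before CertFreeCertificateContext; link against crypt32.lib.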

