Re: How to create a .pfx file from cert request?



Thanks Ferrix. Your information seems to be what I need but I have run
into another problem. A few hours research did not reveal an answer
so maybe you or someone here can help.

I decided not to use the temporary store technique until after making
it work with the normal (personal) store. So I did this:

: hr = pEnroll4->acceptResponseBlob (&certBlob);
: WCHAR pw [] = L"pass";
: hr = pEnroll4->createFilePFXWStr (pw, L"c:/TestCer.pfx");

acceptResponseBlob returns ok and the certificate is installed.
createFilePFXWStr returns error:

: 0x8009000b Key not valid for use in specified state.


Thanks for any insight.

Regards, Russ



On Fri, 11 Jul 2008 19:16:21 -0400, ferrix <gbs-ms@xxxxxxxxxxxxx>
wrote:

Russ wrote:

: hr = pEnroll4->acceptResponseBlob (&certBlob);

After that, I can export it into a .pfx file from IE or etc, and have
a file I can use to install the cert on another pc.

You accept the response and then call the createPFX method on the ICEnroll4.

If you don't want to "really" import it to your store during the accept,
then you can create a temporary store via CertOpenStore using
CERT_STORE_PROV_MEMORY, and set the icenroll4 to use that one by
manipulating the "MyStore*" members. Then it imports into your memory
store, you createPFX it, and then close the mem store into oblivion :)
.



Relevant Pages

  • Re: How to create a .pfx file from cert request?
    ... After that, I can export it into a .pfx file from IE or etc, and have ... You accept the response and then call the createPFX method on the ICEnroll4. ... If you don't want to "really" import it to your store during the accept, then you can create a temporary store via CertOpenStore using CERT_STORE_PROV_MEMORY, and set the icenroll4 to use that one by manipulating the "MyStore*" members. ...
    (microsoft.public.platformsdk.security)
  • RE: Diagnosing crypto problem
    ... certrificate store. ... The first part of this is for remote machines to register with the server. ... What I think should be happening is that I have a self signed cert (created ... I've a pfx file which appears to be the selfsigned cert. ...
    (microsoft.public.platformsdk.security)
  • Re: PFXExportCertStoreEx
    ... but i am not getting a valid .pfx file. ... > methods to export certificate + private key from the IE store. ... >> ii. i find the desired certificate using CertFindCertificateInStore. ...
    (microsoft.public.platformsdk.security)
  • Re: Serverzertifikat am Listener erneuern
    ... habe das importierte Zertifikat bzw. das aus dem PFX File installierte, ... Store zu installieren und wenn es wieder nicht klappt fordere ich vom ISA ... direkt ein neues Zertifikat an. ... So lange Du das Zert im richtigen Store hast, den privaten Schluessel dazu und der iSA vertraut der CA ist alles roger. ...
    (microsoft.public.de.german.isaserver)