Hello all, I recently changed to another department within Microsoft. I am not an Escalation Engineer working with Windows SDK in general and Crypto in particular anymore. No. Now I am a Developer Evangelist fully dedicated to Windows 8 and Windows...

Hi all, You may know already that SignedXml class in .NET doesn't support the XML Advanced Electronic Signatures (XAdES) standard (more info here: Which standards does SignedXml support? ) Fortunatelly my colleagues in Microsoft France developed...

Hi all, The following sample will remove a certificate from MY certificate store of the local machine after locating it by serial number : # Pass Serial Number of the cert you want to remove param ($serialNumber = $(throw "Please pass a certificate...

Hi all, The certificates in the Server Certificates section of IIS Manager (inetmgr.exe) are certificates located in MY certificate store of the local machine , and their Enhanced Key Usage is Server Authentication . The following sample gets those...

Hi all, The other day a customer of mine was creating a SSL certificate request with IIS Manager (inetmgr.exe) with "Create Certificate Request..." action in the Server Certificates section. He was sending that request to a Certificate Authority...

Hi all, The following sample is a conversion of How to export issued certificates from a CA programatically (C#) sample to PowerShell . It will get all the issued certs in the CA database and copy them to a folder: #Params $strServer = "myserver...

Hi all, The following sample is a simplification of How to get info from client certificates issued by a CA (C#) , and gets all the issued certs in the CA database and copies them to a folder: using System; using System.Windows.Forms; using...

Hi all, I developed this sample some time ago: How to get info from client certificates issued by a CA (C#) . The other day I tried it on a new machine with Windows 7 , Visual Studio 2010 and .NET Framework 4.0 , and it didn't even compile. I had...

Hi all, The other day a customer of mine was having this issue on Windows 7 : CreateProcessAsUser fails with error 5 (Access Denied) when using Jobs . So he had a Windows service running as System in Session 0, that service created a process running...

Hi all, The other day I worked on a support case where a Windows service running as System in Session 0 was creating a process also running as System in Session 0 , and this new process failed to create another process in the logged-on user's session...

Hi all, The other day I needed to use the certificate chain context ( CERT_CHAIN_CONTEXT structure ) returned by a call to InternetQueryOption , in C# . The call in C++ looks like this: PCCERT_CHAIN_CONTEXT CertCtx=NULL; … if (InternetQueryOption...

Hi all, Some time ago a customer of mine wanted to develop PowerShell scripts to manage printers in their clustered environment. They wanted to use WMI for that. The problem they found is that while they could list the printers on a stand-alone...

Hi all, Some time ago I had a customer how had developed a custom credential provider to use with a third-party smartcard provider . This credential provider was a wrapper of MS Smartcard Credential Provider . They also put a credential provider...

Hi all, The other day a customer of mine was trying to compile and run this CertEnroll sample of mine: How to create a certificate request with CertEnroll and .NET (C#) I had developed this sample against .NET 2.0 some time ago, and it compiled...

Hi all, A customer of mine wanted to set Issuer Alternative Name ( XCN_OID_ISSUER_ALT_NAME2 - "2.5.29.18" ) extension to his certificate requests in C# in the same way we did this, and he didn't know how: How to add Subject Alternative Name to...

Hi all, If you are creating certificate requests to enroll certificates programmatically and using a code like the following: How to create a certificate request with CertEnroll and .NET (C#) , you may need to export the enrolled certificate after...

Hi all, You may know already this white paper to configure the Certificate Enrollment Web Services : Certificate Enrollment Web Services in Windows Server 2008 R2 " This paper explains how certificate enrollment Web services work in Windows...

Hi all, One of my customers was creating certificate requests programmatically with CertEnroll and a code like the following: How to create a certificate request with CertEnroll and .NET (C#) . He wanted to set Friendly Name for the enrolled certificate...

Hi all, The other day a customer of mine was creating certificate requests with a code like the following: How to create a certificate request with CertEnroll and .NET (C#) . He wanted to set the certificate's Key Usage to Digital Signature instead...

Hi all, The other day a customer of mine was creating certificate requests with a code like the following: How to create a certificate request with CertEnroll and .NET (C#) . After he enrolled the certificates, he realized that when he tried to...

Hi all, We've already seen How to add Subject Alternative Name to your certificate requests (C#) . What if we want to set Alternative Directory Name ( XCN_CERT_ALT_NAME_DIRECTORY_NAME ) in addition to Subject Alternative Name ( XCN_CERT_ALT_NAME_RFC822_NAME...

Hi all, The other day a customer of mine wanted to add Subject Alternative Name ( szOID_SUBJECT_ALT_NAME2 - "2.5.29.17" ) extension to his certificate requests in C# and he didn't know how. We have IX509ExtensionAlternativeNames interface for...

Hi all, Some time ago I mentioned a Microsoft SDK sample that uses CertEnroll to access the Certificate Enrollment Web Services and enroll a certificate using a template : How to access the new Certificate Enrollment Web Services programmatically...

Hi all, A customer of mine wanted to change the error messages shown to users when changing their password on Windows 7, e.g. when new and old passwords won't match, or the old password of the user is invalid, etc. On Windows XP they did that with...

Hi all, Some time ago a customer of mine was developing a native application using Fax API , which worked fine on Windows Server 2003 . On Windows Server 2008 though, when the application was being run as a service , they could see that FaxSendDocument...