Decrypt my World

Cryptography, Security, Debugging and more!

How to install the response from a CA programmatically (PowerShell)


Hi all,

 

The other day a customer of mine was creating an SSL certificate request in IIS Manager (inetmgr.exe) with the "Create Certificate Request..." action in the Server Certificates section. He was sending that request to a Certificate Authority, and he wanted to programmatically install the .cer file with the response from the CA, the same way you do it manually with the "Complete Certificate Request…" action in the Server Certificates section.

The following PowerShell sample does that:

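# Read the Base64-encoded response (.cer) returned by the CA
$strBase64Response = Get-Content "C:\Test\Base64.cer"
# Create the enrollment object in the machine context (0x2 = ContextMachine)
$objEnroll = New-Object -ComObject X509Enrollment.CX509Enrollment
$objEnroll.Initialize(0x2)
# Install the response, accepting an untrusted root (0x4 = AllowUntrustedRoot)
$objEnroll.InstallResponse(0x4, $strBase64Response, 0, $null)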

 

Note: the 0x2 value in the Initialize call means ContextMachine, and the 0x4 value in the InstallResponse call means AllowUntrustedRoot.

Note: you need to run this as an administrator, as the cert will go to the MY certificate store of the local machine, and only admin users have write access there by default.
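
A more defensive wrapper around the same calls, as an added example that is not part of the original post: it inspects the response before installing it, uses AllowNone (0x0) unless the chain fails to build and AllowUntrustedRoot (0x4) was explicitly requested, and then confirms the installed certificate is bound to a private key. The function name Install-CAResponse and its parameters are hypothetical.

```powershell
# Added example; Install-CAResponse and its parameters are hypothetical names.
function Install-CAResponse {
    param(
        [Parameter(Mandatory = $true)][string]$Path,  # Base64 .cer returned by the CA
        [switch]$AllowUntrustedRoot                   # explicit opt-in to flag 0x4
    )
    $ErrorActionPreference = 'Stop'

    # Writing to LocalMachine\My requires an elevated session.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal $identity
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated PowerShell session.'
    }

    # Parse the response first, so an unexpected file is caught before anything is installed.
    $fullPath = (Resolve-Path -LiteralPath $Path).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $fullPath
    Write-Host ("Subject   : {0}`nIssuer    : {1}`nThumbprint: {2}`nNot after : {3}" -f `
        $cert.Subject, $cert.Issuer, $cert.Thumbprint, $cert.NotAfter)

    # Build the chain in the machine context ($true). Revocation checking is skipped
    # here so that an unreachable CRL does not fail the build.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain $true
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $flags = 0x0   # AllowNone
    if (-not $chain.Build($cert)) {
        $chain.ChainStatus | ForEach-Object { Write-Warning "$($_.Status): $($_.StatusInformation)" }
        if (-not $AllowUntrustedRoot) { throw 'Chain does not validate; response not installed.' }
        $flags = 0x4   # AllowUntrustedRoot, as in the post's sample
    }

    # Same calls as the post: 0x2 = ContextMachine, encoding 0 as in the original sample.
    $response = [IO.File]::ReadAllText($fullPath)
    $enroll = New-Object -ComObject X509Enrollment.CX509Enrollment
    $enroll.Initialize(0x2)
    $enroll.InstallResponse($flags, $response, 0, $null)

    # Confirm the certificate is in LocalMachine\My and bound to a private key.
    $installed = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $cert.Thumbprint } | Select-Object -First 1
    if (-not $installed -or -not $installed.HasPrivateKey) {
        throw 'Certificate is missing from LocalMachine\My or has no private key.'
    }
    $installed
}

# Usage, with the sample path from the post:
# Install-CAResponse -Path 'C:\Test\Base64.cer'
```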

I hope this helps.

Regards,

 

Alex (Alejandro Campos Magencio)

  • IX509Enrollment * pEnroll = NULL;
    BSTR  bSTR=SysAllocStringByteLen(LPCSTR(pCertBuffer),sizeof(pCertBuffer));
    hr=CoCreateInstance(
        __uuidof(CX509Enrollment),
        NULL,
        CLSCTX_INPROC_SERVER,
        __uuidof(IX509Enrollment),
        (void**)&pEnroll);
    hr=pEnroll->Initialize(ContextUser);
    hr=pEnroll->InstallResponse(AllowNoOutstandingRequest,bSTR,XCN_CRYPT_STRING_BASE64_ANY,NULL);

    ////////

    The pCertBuffer was a root cert content; I copied it from a .cer file. Now I want to install it automatically into my Win7 system cert store, but when I execute the InstallResponse API, it always returns the error code 0x8007007a (means the region for system was small). I don't know why. Could you help me? My email address is hh_sys126@163.com. Thank you very much!
