The other day a customer of mine was creating a SSL certificate request with IIS Manager (inetmgr.exe) with "Create Certificate Request..." action in the Server Certificates section. He was sending that request to a Certificate Authority, and he wanted to programmatically install the .cer file with the response from the CA the same way you do it manually with "Complete Certificate Request…" action in the Server Certificates section.
The following Powershell sample does that:
$strBase64Response = get-content "C:\Test\Base64.cer" $objEnroll = New-Object -ComObject X509Enrollment.CX509enrollment $objEnroll.Initialize(0x2); $objEnroll.InstallResponse(0x4, $strBase64Response, 0, $null)
Note: the 0x2 value in Initialize call means ContextMachine, and the 0x4 value in InstallResponse call means AllowUntrustedRoot.
Note: you need to run this with an administrator, as the cert will go to the MY certificate store of the local machine, and only admin users have access to write in there by default.
I hope this helps.
Alex (Alejandro Campos Magencio)
IX509Enrollment * pEnroll = NULL;
the pCertBuffer was a root cert content , i copyed it from a .cer file. now i want to install it automaticaly into my win7 system cert store. but when i excute the installresponse API . it always return the error code
0x8007007a(means the region for system was small) . I don't known why. could you help me . my email address firstname.lastname@example.org. thank you very much!