Webserver certificate

I have a problem enrolling certificates with "Certificate Type: Computer" by
using the CCertRequest object. Beforehand I create a Certificate Signing
Request via Cenroll.createPKCS10().

The PKCS10 string is passed to the CCertRequest.submit() method which
contacts the MS 2003 Enterprise CA for enrollment. This works fine for
Certificate Templates that have a Certificate Type of User. For example the
enrollment of a Webserver certificate fails because the request is done by
using my AD credentials (<domain>\<My_Account>). The server expects a
computer to make this call.

How can I solve this problem?
Jul 3 '06 #1
Hi Ralf,

Thank you for posting.

From your description, I understand that you're using the Xenroll and
certclient components to create a certificate request and submit it to the
target CA. It works well until you try creating and submitting a server
certificate request, correct?

Based on my research, the problem could be caused by the generated PKCS10
string not meeting the CA's requirement. I've just performed some tests
through an already generated server certificate request and submitted it
through the ICertRequest interface and it works. For basic testing, you
can use the IIS server to create such a test server certificate request
(save as a txt file) and then use it to submit the request. After that, you
can check the submitted cert request's attributes in the CA's management
console (if you have permission) to see whether those values differ
from the ones you originally used. Here is a test code snippet I used to create
and submit a server authentication certificate (to an intranet CA):

========================
private void button1_Click(object sender, EventArgs e)
{
    try
    {
        // Request-format flags for ICertRequest.Submit (certcli.h).
        const int CR_IN_BASE64HEADER = 0;
        const int CR_IN_BASE64 = 0x1;
        const int CR_IN_PKCS10 = 0x100;
        const int CR_IN_KEYGEN = 0x200;

        // COM interop objects: Xenroll builds the request, CertCli submits it.
        XENROLLLib.ICEnroll4 enroll = new XENROLLLib.CEnroll2Class();
        CERTCLIENTLib.ICertRequest request = new CERTCLIENTLib.CCertRequestClass();

        // Subject distinguished name for the web server certificate.
        string strDN = null;
        strDN = "CN=" + "my_web_server_name";
        strDN = strDN + ",O=" + "Microsoft";
        strDN = strDN + ",OU=" + "MSDN";
        strDN = strDN + ",L=" + "SH";
        strDN = strDN + ",S=" + "SH";
        strDN = strDN + ",C=" + "CN";

        string strRequest = null;
        string strAttribs = string.Empty;

        // CA configuration string: <CA host>\<CA name>.
        string strCA = "CAServer\\CANAME";
        enroll.addCertTypeToRequest("Server Authentication");

        // 1.3.6.1.5.5.7.3.1 is the Server Authentication enhanced key usage OID.
        strRequest = enroll.createPKCS10(strDN, "1.3.6.1.5.5.7.3.1");

        // Submit the base64-encoded PKCS #10 request; the return value is
        // the request disposition reported by the CA.
        int result = request.Submit(CR_IN_BASE64 | CR_IN_PKCS10,
                                    strRequest,
                                    strAttribs,
                                    strCA);

        MessageBox.Show(result.ToString());
    }
    catch (Exception ex)
    {
        MessageBox.Show(ex.ToString());
    }
}
====================

Hope this helps some.

Regards,

Steven Cheng
Microsoft MSDN Online Support Lead
==================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Jul 4 '06 #2
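
The snippet in the answer above only displays the integer returned by Submit. The following is an added example, not code from the thread or from Microsoft's sample, that interprets that disposition and fetches the certificate only when the CA actually issued it. It assumes the same CERTCLIENTLib COM interop reference as the answer; the class and method names (CaSubmit, SubmitPkcs10) are hypothetical.

```csharp
using System;

// Added example; assumes a project reference to the CERTCLIENTLib interop assembly.
static class CaSubmit
{
    // Flag values from certcli.h.
    const int CR_IN_BASE64 = 0x1;
    const int CR_IN_PKCS10 = 0x100;
    const int CR_OUT_BASE64HEADER = 0x0;

    // Disposition values returned by ICertRequest.Submit (CR_DISP_* in certcli.h).
    enum Disposition
    {
        Incomplete = 0, Error = 1, Denied = 2, Issued = 3,
        IssuedOutOfBand = 4, UnderSubmission = 5, Revoked = 6
    }

    // Returns the certificate (base64 with BEGIN/END header) when the CA issued it,
    // or null when no certificate is returned now (pending or issued out of band).
    // Any other disposition throws, so a denial is never mistaken for success.
    public static string SubmitPkcs10(string pkcs10Base64, string caConfig, out int requestId)
    {
        CERTCLIENTLib.ICertRequest request = new CERTCLIENTLib.CCertRequestClass();
        int raw = request.Submit(CR_IN_BASE64 | CR_IN_PKCS10, pkcs10Base64, "", caConfig);
        requestId = request.GetRequestId();

        switch ((Disposition)raw)
        {
            case Disposition.Issued:
                return request.GetCertificate(CR_OUT_BASE64HEADER);

            case Disposition.UnderSubmission:
            case Disposition.IssuedOutOfBand:
                // Keep requestId: a pending request can be polled later
                // with request.RetrievePending(requestId, caConfig).
                return null;

            default:
                throw new InvalidOperationException(string.Format(
                    "CA returned {0} for request {1}: {2} (0x{3:X8})",
                    (Disposition)raw, requestId,
                    request.GetDispositionMessage(), request.GetLastStatus()));
        }
    }
}
```

The request ID in the exception message is the same ID shown in the CA management console, which makes it easy to find the failed or pending request there.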
Hi Steven,

Thanks for your help! I tried it again with the sample source code you
sent me and now it works. I was using an old version of the interface and
that was responsible for my problems.

Best Regards
Jul 5 '06 #3
Thanks for your followup Ralf,

Glad that you've got it working now.

Have a good day!

Regards,

Steven Cheng
Microsoft MSDN Online Support Lead

Jul 6 '06 #4
Steven,

I'm trying to request a client certificate from a CA running on Windows
2003 Server. I have successfully created both a client and server
certificate and set up a secure asp.net site using those by doing it
manually with the wizards.

I need to be able to request a client certificate from within C# code.
I copied your code in this message thread and put it into a Winforms
app. I updated strCA with my CA path. When I ran the sample I got the
following error on request.Submit:

CCertRequest::Submit The parameter is incorrect. 0x80070057 (WIN32: 87)

I have made several alterations to the code over the past couple of
days, but so far have not been able to resolve this. Any help with this
issue would be greatly appreciated.

Thank you,
Ben
Steven Cheng[MSFT] wrote:
Thanks for your followup Ralf,

Glad that you've got it working now.

Have a good day!

Regards,

Steven Cheng
Microsoft MSDN Online Support Lead
Jul 12 '06 #5
