Hi Ralf,
Thank you for posting.
From your description, I understand that you're using the Xenroll and
certclient component to create certificate request and submit to the target
CA. It works well until you try creating and submiting a server certificate
request, correct?
Based on my research, the problem could be caused by the generated PKCS10
string doesn't meet the CA's requirement. I've just performed some tests
through a already generated server certificate request and submit it
through the ICertRequest interface and it works. for basic testing, you
can use the IIS server to create such a test server certificate request
(save as a txt file) and then use it to submit the request. After that, you
can check the submited cert request's attributes in the CA's management
console( if you have permission) to see whether those values differ some
from your original used ones. Here is a test code snippet I used to create
and submit a server authentication certificate(to a intranet CA):
========================
private void button1_Click(object sender, EventArgs e)
{
try
{
const int CR_IN_BASE64HEADER = 0;
const int CR_IN_BASE64 = 0x1;
const int CR_IN_PKCS10 = 0x100;
const int CR_IN_KEYGEN = 0x200;
XENROLLLib.ICEnroll4 enroll = new
XENROLLLib.CEnroll2Class();
CERTCLIENTLib.ICertRequest request = new
CERTCLIENTLib.CCertRequestClass();
string strDN = null;
strDN = "CN=" + "my_web_server_name";
strDN = strDN + ",O=" + "Microsoft";
strDN = strDN + ",OU=" + "MSDN";
strDN = strDN + ",L=" + "SH";
strDN = strDN + ",S=" + "SH";
strDN = strDN + ",C=" + "CN";
string strRequest = null;
string strAttribs = string.Empty;
string strCA = "CAServer\\CANAME";
enroll.addCertTypeToRequest("Server Authentication");
strRequest = enroll.createPKCS10(strDN,
"1.3.6.1.5.5.7.3.1");
int result = request.Submit(CR_IN_BASE64 | CR_IN_PKCS10,
strRequest,
"",
strCA);
MessageBox.Show(result.ToString());
}
catch (Exception ex)
{
MessageBox.Show(ex.ToString());
}
}
====================
Hope this helps some.
Regards,
Steven Cheng
Microsoft MSDN Online Support Lead
==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
Get Secure!
www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)