惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
Threat Research - Cisco Blogs
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
The Register - Security
The Register - Security
A
About on SuperTechFans
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
L
LangChain Blog
N
Netflix TechBlog - Medium
量子位
博客园 - 三生石上(FineUI控件)
宝玉的分享
宝玉的分享
H
Help Net Security
D
Docker
D
DataBreaches.Net
T
Tailwind CSS Blog
阮一峰的网络日志
阮一峰的网络日志
B
Blog
博客园 - 聂微东
Apple Machine Learning Research
Apple Machine Learning Research
Google DeepMind News
Google DeepMind News
The Cloudflare Blog
F
Full Disclosure
GbyAI
GbyAI
F
Fortinet All Blogs
Last Week in AI
Last Week in AI
Y
Y Combinator Blog
人人都是产品经理
人人都是产品经理
Recent Announcements
Recent Announcements
博客园 - Franky
MongoDB | Blog
MongoDB | Blog
有赞技术团队
有赞技术团队
博客园 - 叶小钗
小众软件
小众软件
V
Visual Studio Blog
月光博客
月光博客
Stack Overflow Blog
Stack Overflow Blog
The GitHub Blog
The GitHub Blog
Recorded Future
Recorded Future
J
Java Code Geeks
雷峰网
雷峰网
P
Privacy & Cybersecurity Law Blog
C
Cisco Blogs
C
Cyber Attacks, Cyber Crime and Cyber Security
AWS News Blog
AWS News Blog
Webroot Blog
Webroot Blog
美团技术团队
N
News | PayPal Newsroom
G
Google Developers Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
博客园_首页
V
Vulnerabilities – Threatpost

博客园 - vuejs3

More on SQL Server Service Broker [转]Android试验:如果View的ID相同会出现什么效果? 父子关系排序,无确定根节点 Silverlight 操作技巧 [文摘]怎么使用Sticky Footer代码(让页脚紧贴页面底部的方法) Sharepoint development toolbox 通过对象模型上传List Template - vuejs3 - 博客园 在文档库中隐藏多文件上传/Disable the Upload Multiple Document option in Document Library - vuejs3 [转]SharePoint Document Library and List – File Upload ASP.NET 2.0 TreeView控件在IE7中断开的连接线 Team Foundation Server讲义 如何在WSS中利用KeywordQuery创建搜索查询 SharePoint Web Service的身份验证 SharePoint开发中对ListViewWebPart的几个操作 【转】免费SharePoint资源 Enum操作技巧 LINQ概述-通用和便利的信息查询方式 NetShopForge网上商店程序(VB)源码—讨论-发布 Microsoft AJAX添加自定义智能感知(intellisense)
通过CertEnroll在CA上(1创建证书请求2得到证书3安装证书)
vuejs3 · 2008-12-15 · via 博客园 - vuejs3

0.代码下载

 CAtest20081215164652.rar

1.简要说明

证书注册API(Certificate Enrollment API)的功能是用于在客户端程序请求一个证书,请求批准后得到一个证书,然后安装证书。从vista开始使用的市CertEnroll.dll,之前使用的都是Xenroll.dll

我门的CA是Widows Certificate Services

CA即证书管理机构,受委托发放数字证书的第三方组织或公司。数字证书是用来建立数字签名和公-私(public-private)密钥对的。CA在这个过程中所起的作用就是保证获得这一独特证书的人就是被授权者本人。在数据安全和电子商务中,CA是一个非常重要的组成部分,因为它们确保信息交换各方的身份。

2.添加引用

addReferences 

using CERTENROLLLib; 
using CERTCLIENTLib;


私有变量定义 

        private const int CC_DEFAULTCONFIG = 0;
        
private const int CC_UIPICKCONFIG = 0x1;
        
private const int CR_IN_BASE64 = 0x1;
        
private const int CR_IN_FORMATANY = 0;
        
private const int CR_IN_PKCS10 = 0x100;
        
private const int CR_DISP_ISSUED = 0x3;
        
private const int CR_DISP_UNDER_SUBMISSION = 0x5;
        
private const int CR_OUT_BASE64 = 0x1;
        
private const int CR_OUT_CHAIN = 0x100;
        
private string sOK = "";

3.创建证书请求

        public string createRequest(string name, ref string strRequest)
        {
            
//  Create all the objects that will be required
            CX509CertificateRequestPkcs10 objPkcs10 = new CX509CertificateRequestPkcs10Class();
            CX509PrivateKey objPrivateKey 
= new CX509PrivateKeyClass();
            CCspInformation objCSP 
= new CCspInformationClass();
            CCspInformations objCSPs 
= new CCspInformationsClass();
            CX500DistinguishedName objDN 
= new CX500DistinguishedNameClass();
            CX509Enrollment objEnroll 
= new CX509EnrollmentClass();
            CObjectIds objObjectIds 
= new CObjectIdsClass();
            CObjectId objObjectId 
= new CObjectIdClass();
            CX509ExtensionKeyUsage objExtensionKeyUsage 
= new CX509ExtensionKeyUsageClass();
            CX509ExtensionEnhancedKeyUsage objX509ExtensionEnhancedKeyUsage 
= new CX509ExtensionEnhancedKeyUsageClass();try
            {
//  Initialize the csp object using the desired Cryptograhic Service Provider (CSP)
                objCSP.InitializeFromName(
                    
"Microsoft Enhanced Cryptographic Provider v1.0"
                );
//  Add this CSP object to the CSP collection object
                objCSPs.Add(
                    objCSP
                );
//  Provide key container name, key length and key spec to the private key object
                
//objPrivateKey.ContainerName = "AlejaCMa";
                objPrivateKey.Length = 1024;
                objPrivateKey.KeySpec 
= X509KeySpec.XCN_AT_SIGNATURE;
                objPrivateKey.KeyUsage 
= X509PrivateKeyUsageFlags.XCN_NCRYPT_ALLOW_ALL_USAGES;
                objPrivateKey.MachineContext 
= false;//  Provide the CSP collection object (in this case containing only 1 CSP object)
                
//  to the private key object
                objPrivateKey.CspInformations = objCSPs;//  Create the actual key pair
                objPrivateKey.Create();//  Initialize the PKCS#10 certificate request object based on the private key.
                
//  Using the context, indicate that this is a user certificate request and don't
                
//  provide a template name
                objPkcs10.InitializeFromPrivateKey(
                    X509CertificateEnrollmentContext.ContextUser,
                    objPrivateKey,
                    
""
                );
// Key Usage Extension 
                objExtensionKeyUsage.InitializeEncode(
                    X509KeyUsageFlags.XCN_CERT_DIGITAL_SIGNATURE_KEY_USAGE 
|
                    X509KeyUsageFlags.XCN_CERT_NON_REPUDIATION_KEY_USAGE 
|
                    X509KeyUsageFlags.XCN_CERT_KEY_ENCIPHERMENT_KEY_USAGE 
|
                    X509KeyUsageFlags.XCN_CERT_DATA_ENCIPHERMENT_KEY_USAGE
                );
                objPkcs10.X509Extensions.Add((CX509Extension)objExtensionKeyUsage);
// Enhanced Key Usage Extension
                objObjectId.InitializeFromValue("1.3.6.1.5.5.7.3.2"); // OID for Client Authentication usage
                objObjectIds.Add(objObjectId);
                objX509ExtensionEnhancedKeyUsage.InitializeEncode(objObjectIds);
                objPkcs10.X509Extensions.Add((CX509Extension)objX509ExtensionEnhancedKeyUsage);

                objDN.Encode(
                    name,
                    X500NameFlags.XCN_CERT_NAME_STR_NONE
                );

//  Assing the subject name by using the Distinguished Name object initialized above
                objPkcs10.Subject = objDN;// Create enrollment request
                objEnroll.InitializeFromRequest(objPkcs10);
                strRequest 
= objEnroll.CreateRequest(
                    EncodingType.XCN_CRYPT_STRING_BASE64
                );
                
return sOK;

            }

catch (Exception ex)
            {
                
return ex.Message;
            }
        }

4.发送证书请求到CA,证书请求批准后的到一个证书

 public string sendRequest(string strRequest, ref  string strCert)
        {
            
//  Create all the objects that will be required
            CCertConfig objCertConfig = new CCertConfigClass();
            CCertRequest objCertRequest 
= new CCertRequestClass();
            
string strCAConfig;int iDisposition;
            
string strDisposition;try
            {
                
// Get CA config from UI
                
//strCAConfig = objCertConfig.GetConfig(CC_DEFAULTCONFIG);
                strCAConfig = objCertConfig.GetConfig(CC_UIPICKCONFIG);// Submit the request
                iDisposition = objCertRequest.Submit(
                    CR_IN_BASE64 
| CR_IN_FORMATANY,
                    strRequest,
                    
null,
                    strCAConfig
                );
// Check the submission status
                if (CR_DISP_ISSUED != iDisposition) // Not enrolled
                {
                    strDisposition 
= objCertRequest.GetDispositionMessage();if (CR_DISP_UNDER_SUBMISSION == iDisposition) // Pending
                    {return "The submission is pending: " + strDisposition;
                    }
                    
else // Failed
                    {
                        
string sError;
                        sError 
= "The submission failed: " + strDisposition;
                        sError 
+= "Last status: " + objCertRequest.GetLastStatus().ToString();
                        
return sError;
                    }
                }
// Get the certificate
                strCert = objCertRequest.GetCertificate(
                    CR_OUT_BASE64 
| CR_OUT_CHAIN
                );
                
return sOK;

            }

catch (Exception ex)
            {
                
return ex.Message;
            }
        }

5.在客户端机器上安装证书

        public string acceptPKCS7(string strCert)
        {
            
//  Create all the objects that will be required
            CX509Enrollment objEnroll = new CX509EnrollmentClass();try
            {
// Install the certificate
                objEnroll.Initialize(X509CertificateEnrollmentContext.ContextUser);
                objEnroll.InstallResponse(
                    InstallResponseRestrictionFlags.AllowUntrustedRoot,
                    strCert,
                    EncodingType.XCN_CRYPT_STRING_BASE64,
                    
null
                );
return sOK;
            }
            
catch (Exception ex)
            {
                
return ex.Message;
            }
        }

6.参考

http://blogs.msdn.com/alejacma/archive/2008/09/05/how-to-create-a-certificate-request-with-certenroll-and-net-c.aspx