How to remove a certificate from a certificate store programmatically (PowerShell)

Hi all, The following sample will remove a certificate from the MY certificate store of the local machine after locating it by serial number: # Pass Serial Number of the cert you want to remove param ($serialNumber = $(throw "Please pass a certificate's serial number to the script")) # Access MY store of Local Machine profile…


How to get all certificates in the Server Certificates section of IIS Manager programmatically (PowerShell)

Hi all, The certificates in the Server Certificates section of IIS Manager (inetmgr.exe) are certificates located in the MY certificate store of the local machine, and their Enhanced Key Usage is Server Authentication. The following sample gets those certs: # Get all certs in MY store of Local Machine profile $store = New-Object System.Security.Cryptography.X509Certificates.X509Store("My","LocalMachine") $store.Open("ReadOnly") $store.Certificates…


How to install the response from a CA programmatically (PowerShell)

Hi all, The other day a customer of mine was creating an SSL certificate request with IIS Manager (inetmgr.exe) using the “Create Certificate Request…” action in the Server Certificates section. He was sending that request to a Certificate Authority, and he wanted to programmatically install the .cer file with the response from the CA the…


How to export issued certificates from a CA programmatically (PowerShell)

Hi all, The following sample is a conversion of the How to export issued certificates from a CA programmatically (C#) sample to PowerShell. It will get all the issued certs in the CA database and copy them to a folder: #Params $strServer = "myserver"; $strCAName = "myserver-CA"; $strPathForCerts = "c:\test\"; # Constants $CV_OUT_BASE64HEADER = 0;…


How to export issued certificates from a CA programmatically (C#)

Hi all, The following sample is a simplification of How to get info from client certificates issued by a CA (C#), and gets all the issued certs in the CA database and copies them to a folder: using System; using System.Windows.Forms; using System.IO; using CERTADMINLib; … // Parameters string strServer = "myserver"; string…


How to get info from client certificates issued by a CA (C#, VS 2010)

Hi all, I developed this sample some time ago: How to get info from client certificates issued by a CA (C#). The other day I tried it on a new machine with Windows 7, Visual Studio 2010 and .NET Framework 4.0, and it didn’t even compile. I had to do the following to make…


How to use INTERNET_OPTION_SERVER_CERT_CHAIN_CONTEXT with InternetQueryOption in C#

Hi all, The other day I needed to use the certificate chain context (CERT_CHAIN_CONTEXT structure) returned by a call to InternetQueryOption, in C#. The call in C++ looks like this: PCCERT_CHAIN_CONTEXT CertCtx=NULL; … if (InternetQueryOption(hReq, INTERNET_OPTION_SERVER_CERT_CHAIN_CONTEXT, (LPVOID)&CertCtx, &cbCertSize)) { PCCERT_CHAIN_CONTEXT pChainContext=CertCtx; … } Some additional info about this call can be found here: Option Flags “INTERNET_OPTION_SERVER_CERT_CHAIN_CONTEXT…


Big delay when calling SslStream.AuthenticateAsClient

Hi all, Some time ago I had a customer who was opening an SSL connection in his C# application, and he was calling SslStream.AuthenticateAsClient. His problem was that this call was taking around 15 seconds for each connection he made. I debugged the issue and saw that the time that SslStream.AuthenticateAsClient was taking went to…


How to verify validity of certificates with .NET

Hi all, The other day a customer of mine was trying to verify the validity of a certificate with .NET code like the following: Dim cert As X509Certificate2 = New X509Certificate2(filename) Dim chain As New X509Chain() chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain chain.ChainPolicy.RevocationMode = X509RevocationMode.Online chain.ChainPolicy.VerificationFlags = _ X509VerificationFlags.IgnoreCtlSignerRevocationUnknown Or _ X509VerificationFlags.IgnoreRootRevocationUnknown Or _ X509VerificationFlags.IgnoreEndRevocationUnknown Or…


SignTool fails with error 0x80092006 on Windows Server 2008

Hi all, The other day a customer of mine was trying to sign a binary with SignTool.exe using the following command line on Windows Server 2008 SP2: Signtool.exe sign /a /f "c:\mycert.pfx" /p "password" /t "http://timestamp.verisign.com/scripts/timstamp.dll" "c:\temp\myFile.exe" And SignTool failed with the following error: SignTool Error: ISignedCode::Sign returned error: 0x80092006 No…
