How to install the response from a CA programmatically (PowerShell)

Hi all,   The other day a customer of mine was creating a SSL certificate request with IIS Manager (inetmgr.exe) with “Create Certificate Request…” action in the Server Certificates section. He was sending that request to a Certificate Authority, and he wanted to programmatically install the .cer file with the response from the CA the…

1

Problems when compiling and running code that uses CertEnroll with .NET 4.0 and x64

Hi all,   The other day a customer of mine was trying to compile and run this CertEnroll sample of mine: How to create a certificate request with CertEnroll and .NET (C#) I had developed this sample against .NET 2.0 some time ago, and it compiled and run just fine. But my customer created a .NET…

2

How to add Issuer Alternative Name to your certificate request (C#)

Hi all,   A customer of mine wanted to set Issuer Alternative Name (XCN_OID_ISSUER_ALT_NAME2 – “2.5.29.18”) extension to his certificate requests in C# in the same way we did this, and he didn’t know how: How to add Subject Alternative Name to your certificate requests (C#) How to add Alternative Directory Name to your certificate…

2

How to export our enrolled certificates programmatically

Hi all,   If you are creating certificate requests to enroll certificates programmatically and using a code like the following: How to create a certificate request with CertEnroll and .NET (C#), you may need to export the enrolled certificate after you get the response from the Certificate Authority. You may export the certificate and its…


How to access Certificate Enrollment Web Services from non-domain joined computers

Hi all,   You may know already this white paper to configure the Certificate Enrollment Web Services: Certificate Enrollment Web Services in Windows Server 2008 R2 ” This paper explains how certificate enrollment Web services work in Windows Server 2008 R2. It also provides deployment guidance for certificate enrollment Web services in new and existing…


How to add Friendly Name to your enrolled certificates programmatically

Hi all,   One of my customers was creating certificate requests programmatically with CertEnroll and a code like the following: How to create a certificate request with CertEnroll and .NET (C#). He wanted to set Friendly Name for the enrolled certificate. Friendly Name is a property (and not an extension of the certificate) that can be…


Certificate request won’t set Key Usage to Digital Signature in enrolled certificate

Hi all,   The other day a customer of mine was creating certificate requests with a code like the following: How to create a certificate request with CertEnroll and .NET (C#). He wanted to set the certificate’s Key Usage to Digital Signature instead of Key Encipherment. So he did something like this in his code:…


Certificate request doesn’t allow the private key of the enrolled certificate to be exported

Hi all,   The other day a customer of mine was creating certificate requests with a code like the following: How to create a certificate request with CertEnroll and .NET (C#). After he enrolled the certificates, he realized that when he tried to export them using the Certificates console he couldn’t export their private key….

1

How to add Alternative Directory Name to your certificate request (C#)

Hi all,   We’ve already seen How to add Subject Alternative Name to your certificate requests (C#). What if we want to set Alternative Directory Name (XCN_CERT_ALT_NAME_DIRECTORY_NAME) in addition to Subject Alternative Name (XCN_CERT_ALT_NAME_RFC822_NAME)?   The interface we use for the alternative names has different methods that we can use depending on the value we…


How to add Subject Alternative Name to your certificate requests (C#)

Hi all,   The other day a customer of mine wanted to add Subject Alternative Name (szOID_SUBJECT_ALT_NAME2 – “2.5.29.17”) extension to his certificate requests in C# and he didn’t know how. We have IX509ExtensionAlternativeNames interface for that, and a C++ sample can be found here: enrollCustomPKCS10 “When you install the Microsoft Windows Software Development Kit…