How to install the response from a CA programmatically (PowerShell)

Hi all,   The other day a customer of mine was creating a SSL certificate request with IIS Manager (inetmgr.exe) with “Create Certificate Request…” action in the Server Certificates section. He was sending that request to a Certificate Authority, and he wanted to programmatically install the .cer file with the response from the CA the…

1

Problems when compiling and running code that uses CertEnroll with .NET 4.0 and x64

Hi all,   The other day a customer of mine was trying to compile and run this CertEnroll sample of mine: How to create a certificate request with CertEnroll and .NET (C#) I had developed this sample against .NET 2.0 some time ago, and it compiled and run just fine. But my customer created a .NET…

2

How to add Issuer Alternative Name to your certificate request (C#)

Hi all,   A customer of mine wanted to set Issuer Alternative Name (XCN_OID_ISSUER_ALT_NAME2 – “2.5.29.18”) extension to his certificate requests in C# in the same way we did this, and he didn’t know how: How to add Subject Alternative Name to your certificate requests (C#) How to add Alternative Directory Name to your certificate…

2

How to export our enrolled certificates programmatically

Hi all,   If you are creating certificate requests to enroll certificates programmatically and using a code like the following: How to create a certificate request with CertEnroll and .NET (C#), you may need to export the enrolled certificate after you get the response from the Certificate Authority. You may export the certificate and its…

0

How to access Certificate Enrollment Web Services from non-domain joined computers

Hi all,   You may know already this white paper to configure the Certificate Enrollment Web Services: Certificate Enrollment Web Services in Windows Server 2008 R2 ” This paper explains how certificate enrollment Web services work in Windows Server 2008 R2. It also provides deployment guidance for certificate enrollment Web services in new and existing…

0

How to add Friendly Name to your enrolled certificates programmatically

Hi all,   One of my customers was creating certificate requests programmatically with CertEnroll and a code like the following: How to create a certificate request with CertEnroll and .NET (C#). He wanted to set Friendly Name for the enrolled certificate. Friendly Name is a property (and not an extension of the certificate) that can be…

0

Certificate request won’t set Key Usage to Digital Signature in enrolled certificate

Hi all,   The other day a customer of mine was creating certificate requests with a code like the following: How to create a certificate request with CertEnroll and .NET (C#). He wanted to set the certificate’s Key Usage to Digital Signature instead of Key Encipherment. So he did something like this in his code:…

0

Certificate request doesn’t allow the private key of the enrolled certificate to be exported

Hi all,   The other day a customer of mine was creating certificate requests with a code like the following: How to create a certificate request with CertEnroll and .NET (C#). After he enrolled the certificates, he realized that when he tried to export them using the Certificates console he couldn’t export their private key….

1

How to add Alternative Directory Name to your certificate request (C#)

Hi all,   We’ve already seen How to add Subject Alternative Name to your certificate requests (C#). What if we want to set Alternative Directory Name (XCN_CERT_ALT_NAME_DIRECTORY_NAME) in addition to Subject Alternative Name (XCN_CERT_ALT_NAME_RFC822_NAME)?   The interface we use for the alternative names has different methods that we can use depending on the value we…

0

How to add Subject Alternative Name to your certificate requests (C#)

Hi all,   The other day a customer of mine wanted to add Subject Alternative Name (szOID_SUBJECT_ALT_NAME2 – “2.5.29.17”) extension to his certificate requests in C# and he didn’t know how. We have IX509ExtensionAlternativeNames interface for that, and a C++ sample can be found here: enrollCustomPKCS10 “When you install the Microsoft Windows Software Development Kit…

0