Reducing the time to perform a CRL check on isolated networks

Hi everyone, Writing today to pass along a solution to reduce the time for performing certificate revocation list processing (CRL checking). This topic has been covered at length in other blogs, in ways to lock down servers to prevent outgoing calls for CRL processing and delays. Here are a few for example:…


How to create a certificate request on behalf of another user in C# on Windows 2003

If you’re writing an application to create a certificate request, Microsoft provides the certificate enrollment controls.  On Windows XP and Windows 2003, XEnroll is the interface that’s available for generating certificate requests.  Windows Vista made a clean break away from XEnroll and instead offers the more robust CertEnroll interface.  If you need to generate a…


How to get a Cryptographic Public Key from a Certificate in a Windows Store application

If you’re writing a Windows Store application you’ll find that the WinRT runtime is missing the X509Certificate interfaces found in .NET.  In many instances, you may want to encrypt or verify a signature with any given certificate.  That means extracting the public key out of the certificate.  .NET has the X509Certificate2 class that simply contains…


Adding certificates extensions via a Certificate Services Policy Module

Hi everyone, My name is Carlos and my expertise is in Cryptography and Certificates APIs/interfaces.  My blog posts will mostly relate to PKI questions or problems that I see customers encountering and I will talk about how to resolve them. For my first blog post, I’ll write about how to add extensions to a certificate…


How to read a certificate from a Smart Card and add it to the system store

The basic high level steps to read a certificate from a Smart Card and add it to the system store are: 1. Establish a Smart Card context using SCardEstablishContext. 2. Display the select card dialog box. 3. Get the card type provider name. 4. Acquire the CSP context. 5. Get the user key. 6. Get…


Passing the flag CERT_CLOSE_STORE_FORCE_FLAG to CertCloseStore may cause your application to crash.

CertCloseStore is called with flag CERT_CLOSE_STORE_FORCE_FLAG. This flag forces CertCloseStore to free memory for all contexts associated with the store. This flag can be safely used only when the store is opened in a function and neither the store handle nor any of its contexts are passed to any called functions. To force the freeing…


VB.NET code to find a certificate with its issuer name and display its contents – small post but helpful

This is a small blog post but I found it handy and useful to document. I created a test certificate with name “shmisra” and kept it in the “Personal” store in the user’s profile as shown below. I read this certificate and print its details using the code shown below. Imports System Imports System.Security.Cryptography Imports…


Steps to sign a file using Signtool.exe

You may have a situation where you need to sign a file, which may be any of the following: a. .exe b. .cab c. .cat d. .ocx e. .dll f. .stl Using the CryptoAPI “signtool.exe”, the files can be digitally signed. Digitally signing a file essentially involves two steps. 1. Obtaining a code signing certificate that has an…
