Greetings,
I'm trying to write a small program that creates a certificate request and accepts the certificate sent back by the CA. After that, the certificate is saved in PFX format for "archiving".
When I try to accept the .cer file, I get access denied in response. However, importing the certificate into IE works. But I can't export the file from IE as a PFX file.

Dim Enroll As XENROLLLib.CEnroll = New CEnroll()
...
strName = "Testi Tarvainen"
strOrgUnit = "Yksikko"
strOrg = "Yritys Oy"
strCity = "Harjavalta"
strState = "NA"
strCountry = "FI"
strDN = "CN=" & strName & ",OU=" & strOrgUnit & ",O=" & strOrg & ",L=" & strCity & ",S=" & strState & ",C=" & strCountry
strOID = "1.3.6.1.5.5.7.3.2"
strFile = "req.txt"
Enroll.createFilePKCS10(strDN, strOID, strFile)
...
Enroll.acceptFileResponse(strCerFile) ' Access denied
Enroll.createFilePFX(strPassword, strFile)

I also tried the other Enroll.Accept methods, but the same problem occurs with all of them. Would it somehow be possible to send the request directly to the CA? This is a Microsoft Certificate Service CA.
I have been trying to work through the page http://msdn.microsoft.com/en-us/library/aa376007(VS.85).aspx

Hi K_L!
Try what happens if you open the Windows command prompt, change to the Windows\System32 directory and type into the interpreter:
sn -k xenroll.snk | sn -k certcli.snk & press the Enter key...
then type:
tlbimp xenroll.dll /keyfile:xenroll.snk /out:interop.xenroll.dll & press the Enter key...
then type:
tlbimp certcli.dll /keyfile:certcli.snk /out:interop.certcli.dll & press...
then type:
gacutil -i interop.xenroll.dll | ngen install interop.xenroll.dll &...
and finally type:
gacutil -i interop.certcli.dll | ngen install interop.certcli.dll & ...

' Add references to interop.xenroll & interop.certcli from the GAC to the project
Imports System
Imports interop.xenroll
Imports interop.certcli

Public Partial Class MainForm
    ' Property ids for GetFullResponseProperty
    Const FR_PROP_NONE As Integer = 0
    Const FR_PROP_FULLRESPONSE As Integer = 1
    Const FR_PROP_STATUSINFOCOUNT As Integer = 2
    Const FR_PROP_BODYPARTSTRING As Integer = 3
    Const FR_PROP_STATUS As Integer = 4
    Const FR_PROP_STATUSSTRING As Integer = 5
    Const FR_PROP_OTHERINFOCHOICE As Integer = 6
    Const FR_PROP_FAILINFO As Integer = 7
    Const FR_PROP_PENDINFOTOKEN As Integer = 8
    Const FR_PROP_PENDINFOTIME As Integer = 9
    Const FR_PROP_ISSUEDCERTIFICATEHASH As Integer = 10
    Const FR_PROP_ISSUEDCERTIFICATE As Integer = 11
    Const FR_PROP_ISSUEDCERTIFICATECHAIN As Integer = 12
    Const FR_PROP_ISSUEDCERTIFICATECRLCHAIN As Integer = 13
    Const FR_PROP_ENCRYPTEDKEYHASH As Integer = 14
    Const FR_PROP_FULLRESPONSENOPKCS7 As Integer = 15
    ' Request type, property types, CA configuration and request/response flags
    Const XECR_PKCS10_V1_5 As Integer = 4
    Const PROPTYPE_BINARY As Integer = 3
    Const PROPTYPE_STRING As Integer = 4
    Const CC_DEFAULTCONFIG As Integer = 0
    Const CC_UIPICKCONFIG As Integer = 1
    Const CR_IN_FORMATANY As Integer = 0
    Const CR_OUT_BASE64 As Integer = 1
    Const CR_OUT_BINARY As Integer = 2
    Const CR_DISP_ISSUED As Integer = 3
    Const CR_DISP_ISSUED_OUT_OF_BAND As Integer = 4
    Const CR_DISP_UNDER_SUBMISSION As Integer = 5
    Const CR_IN_ENCODEANY As Integer = 255

    Public Sub New()
        Me.InitializeComponent()
    End Sub

    Sub MainFormLoad(sender As Object, e As EventArgs)
        Dim strName As String = Nothing
        Dim strOrgUnit As String = Nothing
        Dim strOrg As String = Nothing
        Dim strCity As String = Nothing
        Dim strState As String = Nothing
        Dim strCountry As String = Nothing
        Dim strDN As String = Nothing
        Dim strOID As String = Nothing
        Dim strFile As String = Nothing
        Dim strCAConfig As String = Nothing
        Dim strPassword As String = Nothing

        ' Remove a request file left over from an earlier run
        If Dir("req.txt") <> "" Then
            Kill("req.txt")
        End If

        Dim certEnroll As CEnroll = New CEnrollClass()
        Dim certEnroll2 As CEnroll2 = New CEnroll2Class()
        strName = "Testi Tarvainen"
        strOrgUnit = "Yksikko"
        strOrg = "Yritys Oy"
        strCity = "Harjavalta"
        strState = "NA"
        strCountry = "FI"
        strDN = "CN=" & strName & ",OU=" & _
            strOrgUnit & ",O=" & strOrg & ",L=" & _
            strCity & ",S=" & strState & ",C=" & _
            strCountry
        strOID = "1.3.6.1.5.5.7.3.2"
        strFile = "req.txt"
        certEnroll.createFilePKCS10(strDN, strOID, strFile)
        '...
        Dim certRequest As CCertRequest = New CCertRequestClass()
        certRequest = CreateObject("CertificateAuthority.Request")
        Dim requestStr As String = _
            certEnroll.createRequest(XECR_PKCS10_V1_5, strDN, strOID)
        Dim certConfig As CCertConfig = New CCertConfigClass()
        strCAConfig = certConfig.GetConfig(CC_UIPICKCONFIG)
        Dim disposition As Integer = _
            certRequest.Submit(CR_IN_ENCODEANY Or _
            CR_IN_FORMATANY, requestStr, "", strCAConfig)
        ' GetFullResponseProperty belongs to the request object, not to CEnroll;
        ' the returned response is handed to the enrollment object as a string
        Dim strResponse As String = _
            certRequest.GetFullResponseProperty(FR_PROP_FULLRESPONSE, _
            0, PROPTYPE_BINARY, CR_OUT_BASE64).ToString
        certEnroll.acceptResponse(strResponse)
        certEnroll.createFilePFX(strPassword, strFile)
    End Sub
End Class

Thanks for your reply.
I ran the commands above, and the result was Assembly interop.xenroll.dll is up to date. The same for the other file.
I tried your code, and at strCAConfig = certConfig.GetConfig(CC_UIPICKCONFIG) I get the error CCertConfig::GetConfig No more data is available. 0x80070103 (WIN32: 259)
I haven't yet had time to look into what causes that.
Last week, before leaving for the weekend, I tried sending the request directly to the CA. The problem apparently turned out to be that our CA is in a workgroup and the requesting machine is in a domain.
objCertServ.OpenConnection("certserv00\\certsrv")
This causes an access denied error.