示例#1
        // enroll a certificate based on given template name
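        /// <summary>
        /// Builds a certificate request from the named template in the current
        /// user's enrollment context, sets the subject and friendly name, and
        /// submits it for enrollment.
        /// </summary>
        /// <param name="templateName">Name of the certificate template to initialize the request from.</param>
        /// <param name="subjectName">
        /// Distinguished name string encoded into the request subject. It is placed in
        /// the PKCS#10 request exactly as supplied, so it should come from a trusted
        /// source; whether the CA honours a requester-supplied subject depends on the
        /// template and CA policy (not visible here).
        /// </param>
        /// <param name="friendlyName">Friendly name assigned to the enrolled certificate.</param>
        /// <exception cref="System.InvalidOperationException">
        /// The innermost request produced by the template is not a PKCS#10 request.
        /// </exception>
        public static void EnrollCert(
            string templateName,
            string subjectName,
            string friendlyName)
        {
            // ContextUser: the request is built for the calling user, not the machine.
            CX509Enrollment enrollment = new CX509Enrollment();
            enrollment.InitializeFromTemplateName(
                X509CertificateEnrollmentContext.ContextUser,
                templateName);

            // The subject is set on the innermost request, so unwrap whatever
            // outer request the template produced.
            IX509CertificateRequest innermost =
                enrollment.Request.GetInnerRequest(InnerRequestLevel.LevelInnermost);
            IX509CertificateRequestPkcs10 pkcs10 =
                innermost as IX509CertificateRequestPkcs10;

            // The original dereferenced the result of "as" unchecked, which would
            // surface as a NullReferenceException with no hint of the cause.
            if (pkcs10 == null)
            {
                throw new System.InvalidOperationException(
                    "The innermost certificate request is not a PKCS#10 request; cannot set the subject.");
            }

            CX500DistinguishedName subject = new CX500DistinguishedName();
            subject.Encode(subjectName, X500NameFlags.XCN_CERT_NAME_STR_NONE);
            pkcs10.Subject = subject;

            enrollment.CertificateFriendlyName = friendlyName;

            // Submits the request; on successful issuance the certificate should
            // be installed in the user's MY store.
            enrollment.Enroll();
        }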
        // enroll a certificate based on given template name
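        /// <summary>
        /// Enrolls the current user for a certificate based on the given template,
        /// with a caller-chosen subject and friendly name.
        /// </summary>
        /// <param name="templateName">Certificate template name used to initialize the enrollment object.</param>
        /// <param name="subjectName">
        /// Subject distinguished name, encoded as given into the PKCS#10 request.
        /// Treat it as security-relevant input: this method does not validate it, and
        /// whether the CA accepts a subject chosen by the requester is decided by
        /// template/CA policy outside this code.
        /// </param>
        /// <param name="friendlyName">Value assigned to <c>CertificateFriendlyName</c> before enrolling.</param>
        /// <exception cref="System.InvalidOperationException">
        /// Thrown when the innermost request cannot be viewed as a PKCS#10 request.
        /// </exception>
        public static void EnrollCert(
            string templateName,
            string subjectName,
            string friendlyName)
        {
            // create and initialize the enrollment object in the user context
            CX509Enrollment objEnroll = new CX509Enrollment();
            objEnroll.InitializeFromTemplateName(
                X509CertificateEnrollmentContext.ContextUser,
                templateName);

            // walk from the outer request down to the innermost (PKCS#10) request
            IX509CertificateRequest iRequest = objEnroll.Request;
            IX509CertificateRequest iInnerRequest =
                iRequest.GetInnerRequest(InnerRequestLevel.LevelInnermost);
            IX509CertificateRequestPkcs10 iRequestPkcs10 =
                iInnerRequest as IX509CertificateRequestPkcs10;

            // "as" yields null on a type mismatch; fail with a clear error
            // instead of a NullReferenceException at the Subject assignment
            if (iRequestPkcs10 == null)
            {
                throw new System.InvalidOperationException(
                    "The innermost certificate request is not a PKCS#10 request; cannot set the subject.");
            }

            // encode the subject name and attach it to the request
            CX500DistinguishedName objName = new CX500DistinguishedName();
            objName.Encode(subjectName, X500NameFlags.XCN_CERT_NAME_STR_NONE);
            iRequestPkcs10.Subject = objName;

            // set up friendly name
            objEnroll.CertificateFriendlyName = friendlyName;

            // enroll for the certificate, which should install the certificate
            // in MY store if the certificate is successfully issued by CA
            objEnroll.Enroll();
        }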
        /// <summary>
        /// Enrolls for a certificate through an enrollment policy web service,
        /// using the URLs, authentication types, credentials, template name and
        /// context held in this instance's fields.
        /// </summary>
        /// <remarks>
        /// For username authentication the enrollment-server credential is cached in
        /// the Windows vault via <c>AddEnrollmentServer</c>; nothing in this method
        /// removes that cached entry afterwards. Any exception is caught, its message
        /// is written to the console, and the method reports failure.
        /// </remarks>
        /// <returns><c>true</c> if every step completed without throwing; otherwise <c>false</c>.</returns>
        public bool enrollWithIX509EnrollmentHelper()
        {
            try
            {
                IX509EnrollmentPolicyServer policyServer = new CX509EnrollmentPolicyWebService();

                // NOTE(review): the fourth argument looks like the CertEnroll
                // fIsUnTrusted flag - confirm that passing true is intended.
                policyServer.Initialize(
                    m_strPolicyServerUrl,
                    null,
                    m_PolicyServerAuthType,
                    true,
                    m_context);

                // Sets the authentication type and credential for the policy
                // server on policyServer. Required even for Kerberos.
                policyServer.SetCredential(
                    0,
                    m_PolicyServerAuthType,
                    m_strPolicyServerUsername,
                    m_strPolicyServerPassword);

                policyServer.LoadPolicy(X509EnrollmentPolicyLoadOption.LoadOptionDefault);

                IX509CertificateTemplates templates = policyServer.GetTemplates();
                IX509CertificateTemplate template = templates.get_ItemByName(m_strTemplateName);

                // Kerberos needs no cached credential; only username auth does.
                if (m_EnrollmentServerAuthType == X509EnrollmentAuthFlags.X509AuthUsername)
                {
                    IX509EnrollmentHelper helper = new CX509EnrollmentHelper();
                    helper.Initialize(m_context);

                    // Caches the enrollment-server credential in the Windows vault.
                    helper.AddEnrollmentServer(
                        m_strEnrollmentServerUrl,
                        m_EnrollmentServerAuthType,
                        m_strEnrollmentServerUsername,
                        m_strEnrollmentServerPassword);
                }

                IX509Enrollment2 enrollment = new CX509Enrollment();
                enrollment.InitializeFromTemplate(
                    m_context,
                    policyServer,
                    template);

                // Reads the cached enrollment-server credential from the Windows vault.
                enrollment.Enroll();
            }
            catch (Exception e)
            {
                Console.WriteLine("Error: {0}", e.Message);
                Console.WriteLine("Certificate enrollment failed.");
                return false;
            }

            Console.WriteLine("Certificate enrollment succeeded.");
            return true;
        }
        /// <summary>
        /// Loads enrollment policy from the configured policy web service, looks up
        /// the configured template, and enrolls for a certificate from it.
        /// </summary>
        /// <remarks>
        /// The username/password fields are handed to the CertEnroll objects as-is.
        /// When the enrollment server uses username authentication, the credential is
        /// stored in the Windows vault and is read back by <c>Enroll</c>; this method
        /// does not remove it. Failures are reported on the console by exception
        /// message only.
        /// </remarks>
        /// <returns><c>true</c> when enrollment ran without an exception, <c>false</c> otherwise.</returns>
        public bool enrollWithIX509EnrollmentHelper()
        {
            bool succeeded;

            try
            {
                // --- policy server: connect, authenticate, load policy ---
                IX509EnrollmentPolicyServer objPolicyServer = new CX509EnrollmentPolicyWebService();
                objPolicyServer.Initialize(
                    m_strPolicyServerUrl, null, m_PolicyServerAuthType, true, m_context);

                // Needed for every authentication type, Kerberos included: it records
                // the authentication type and credential on objPolicyServer.
                objPolicyServer.SetCredential(
                    0, m_PolicyServerAuthType, m_strPolicyServerUsername, m_strPolicyServerPassword);

                objPolicyServer.LoadPolicy(X509EnrollmentPolicyLoadOption.LoadOptionDefault);
                IX509CertificateTemplate objTemplate =
                    objPolicyServer.GetTemplates().get_ItemByName(m_strTemplateName);

                // --- enrollment server: cache credential unless Kerberos ---
                bool usesUsernameAuth =
                    m_EnrollmentServerAuthType == X509EnrollmentAuthFlags.X509AuthUsername;
                if (usesUsernameAuth)
                {
                    IX509EnrollmentHelper objEnrollHelper = new CX509EnrollmentHelper();
                    objEnrollHelper.Initialize(m_context);

                    // Stores the enrollment-server credential in the Windows vault.
                    objEnrollHelper.AddEnrollmentServer(
                        m_strEnrollmentServerUrl,
                        m_EnrollmentServerAuthType,
                        m_strEnrollmentServerUsername,
                        m_strEnrollmentServerPassword);
                }

                // --- enroll; the cached credential is read from the vault here ---
                IX509Enrollment2 objEnroll2 = new CX509Enrollment();
                objEnroll2.InitializeFromTemplate(m_context, objPolicyServer, objTemplate);
                objEnroll2.Enroll();

                succeeded = true;
            }
            catch (Exception e)
            {
                succeeded = false;
                Console.WriteLine("Error: {0}", e.Message);
            }

            Console.WriteLine(succeeded
                ? "Certificate enrollment succeeded."
                : "Certificate enrollment failed.");

            return succeeded;
        }