/// <summary>
/// Installs the CA's response (the signed end-entity certificate only, not its signers)
/// and returns it as an <see cref="X509Certificate2"/>.
/// </summary>
/// <param name="pem_response">Signed certificate, Base64 text with header lines.</param>
/// <param name="loc">
/// <see cref="StoreLocation.LocalMachine"/> selects the machine enrollment context;
/// every other value selects the user context.
/// </param>
/// <returns>The installed certificate, re-imported from a PFX that only exists in memory.</returns>
/// <remarks>
/// Review notes:
/// - The response is installed with <c>AllowUntrustedRoot</c>, which relaxes the trust
///   requirement on the issuing chain. Callers should only pass responses obtained from
///   the CA they intended to enroll with.
/// - The returned object is created with <c>X509KeyStorageFlags.Exportable</c>, so whoever
///   holds it can export the private key.
/// </remarks>
public static X509Certificate2 LoadResponse(string pem_response, StoreLocation loc)
{
    // Fixed password for the PFX round-trip below. The PFX text and bytes stay in locals
    // of this method; the password gives no protection if that blob is ever persisted.
    const string transientPfxPassword = "dummypw";

    X509CertificateEnrollmentContext context = loc == StoreLocation.LocalMachine
        ? X509CertificateEnrollmentContext.ContextMachine
        : X509CertificateEnrollmentContext.ContextUser;

    CX509Enrollment enrollment = new CX509Enrollment();
    enrollment.Initialize(context);
    enrollment.InstallResponse(
        InstallResponseRestrictionFlags.AllowUntrustedRoot,
        pem_response,
        EncodingType.XCN_CRYPT_STRING_BASE64HEADER,
        null);

    // Export the end-entity certificate only (no chain), then load it back as X509Certificate2.
    string pfxBase64 = enrollment.CreatePFX(
        transientPfxPassword,
        PFXExportOptions.PFXExportEEOnly,
        EncodingType.XCN_CRYPT_STRING_BASE64);
    byte[] pfxBytes = System.Convert.FromBase64String(pfxBase64);

    return new X509Certificate2(pfxBytes, transientPfxPassword, X509KeyStorageFlags.Exportable);
}
/// <summary>
/// Installs a CA response into the machine enrollment context.
/// </summary>
/// <param name="strCert">The issued certificate as Base64 text without header lines.</param>
/// <param name="strRequest">Not read by this method.</param>
/// <remarks>
/// <c>AllowNone</c> is passed, i.e. none of the relaxation flags of
/// <c>InstallResponseRestrictionFlags</c> are set for this install.
/// Exceptions raised by the enrollment object propagate to the caller.
/// </remarks>
public void InstallResponse(string strCert, string strRequest)
{
    CX509Enrollment enrollment = new CX509Enrollment();

    // Machine context: the install targets the local machine rather than the current user.
    enrollment.Initialize(X509CertificateEnrollmentContext.ContextMachine);
    enrollment.InstallResponse(
        InstallResponseRestrictionFlags.AllowNone,
        strCert,
        EncodingType.XCN_CRYPT_STRING_BASE64,
        null);
}
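/// <summary>
/// Installs the given certificate into the current user's enrollment context and writes it
/// to <paramref name="outputPath"/> as a password-protected PFX (chain without the root).
/// </summary>
/// <param name="certificateData">Raw certificate bytes; Base64-encoded before installation.</param>
/// <param name="outputPath">Destination file. An existing file is replaced.</param>
/// <param name="password">Password applied to the PFX by <c>CreatePFX</c>.</param>
/// <remarks>
/// Review notes:
/// - The response is installed with <c>AllowUntrustedCertificate</c>, so the certificate is
///   accepted without being trusted on this system; callers are responsible for knowing
///   where <paramref name="certificateData"/> came from.
/// - The PFX produced by <c>CreatePFX</c> is expected to carry the private key. The file is
///   created with whatever permissions <paramref name="outputPath"/>'s directory grants, so
///   the location and the strength of <paramref name="password"/> decide who can use it.
/// </remarks>
protected static void ExportCertificate(byte[] certificateData, string outputPath, string password)
{
    var certificateEnrollmentContext = X509CertificateEnrollmentContext.ContextUser;

    CX509Enrollment cx509Enrollment = new CX509Enrollment();
    cx509Enrollment.Initialize(certificateEnrollmentContext);
    cx509Enrollment.InstallResponse(
        InstallResponseRestrictionFlags.AllowUntrustedCertificate,
        Convert.ToBase64String(certificateData),
        EncodingType.XCN_CRYPT_STRING_BASE64,
        null);

    var pfx = cx509Enrollment.CreatePFX(
        password,
        PFXExportOptions.PFXExportChainNoRoot,
        EncodingType.XCN_CRYPT_STRING_BASE64);
    var decoded = Convert.FromBase64String(pfx);

    // File.OpenWrite does not truncate: writing over a longer existing file left stale
    // trailing bytes behind and produced a corrupt PFX. WriteAllBytes replaces the file.
    File.WriteAllBytes(outputPath, decoded);
}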
/// <summary>
/// Installs a CA response so the certificate is available for a later renewal.
/// The enrollment is initialized in the user context (<c>ContextUser</c>), not the
/// machine context.
/// </summary>
/// <param name="Cert">The issued certificate, Base64 text with header lines.</param>
/// <returns>
/// 0 when the install succeeded; 1 when any exception was thrown during the install,
/// in which case the exception message is written to the error table.
/// </returns>
/// <remarks>
/// <c>AllowUntrustedRoot</c> relaxes the trust requirement on the issuing chain, and the
/// failure path reports only a status code. Callers that need to know why an install was
/// rejected have to read the error table.
/// </remarks>
public int InstallCert(string Cert)
{
    var enrollment = new CX509Enrollment();
    int status;

    try
    {
        enrollment.Initialize(X509CertificateEnrollmentContext.ContextUser);
        enrollment.InstallResponse(
            InstallResponseRestrictionFlags.AllowUntrustedRoot,
            Cert,
            EncodingType.XCN_CRYPT_STRING_BASE64HEADER,
            null);
        status = 0;
    }
    catch (Exception ex)
    {
        // Record the failure in the database error log instead of rethrowing.
        Database errorLog = new Database();
        errorLog.InsertToErrorMessageTable("", 0, ex.Message, "InstallCert");
        status = 1;
    }

    return status;
}
/// <summary>
/// Installs a CA response in the user context, exports it (chain including the root) as a
/// PFX, and hands the PFX to <c>Download</c> and <c>Install</c> under the path
/// <c>cert.pfx</c> next to the executing assembly.
/// </summary>
/// <param name="certText">The response text passed to <c>InstallResponse</c>.</param>
/// <param name="password">
/// Passed both to <c>InstallResponse</c> and to <c>CreatePFX</c>, and forwarded to <c>Install</c>.
/// </param>
/// <param name="friendlyName">Friendly name assigned to the installed certificate.</param>
/// <remarks>
/// Review notes:
/// - <c>AllowUntrustedRoot</c> relaxes the trust requirement on the issuing chain.
/// - The encoding is <c>XCN_CRYPT_STRING_BASE64REQUESTHEADER</c> although the input is a
///   response; NOTE(review): confirm this matches what the CA actually returns.
/// - The PFX path is fixed and sits in the application directory. What <c>Download</c> and
///   <c>Install</c> do with it is not visible here; if the file is written to disk, its
///   protection rests on <paramref name="password"/> and that directory's permissions.
/// </remarks>
public void InstallAndDownload(string certText, string password, string friendlyName)
{
    const string pfxFileName = "cert.pfx";

    CX509Enrollment enrollment = new CX509Enrollment();
    enrollment.Initialize(X509CertificateEnrollmentContext.ContextUser);
    enrollment.CertificateFriendlyName = friendlyName;
    enrollment.InstallResponse(
        InstallResponseRestrictionFlags.AllowUntrustedRoot,
        certText,
        EncodingType.XCN_CRYPT_STRING_BASE64REQUESTHEADER,
        password);

    // Directory that contains the running assembly.
    string assemblyPath = Assembly.GetExecutingAssembly().Location;
    string dir = Directory.GetParent(assemblyPath).ToString();

    string pfx = enrollment.CreatePFX(password, PFXExportOptions.PFXExportChainWithRoot);
    string filePath = $@"{dir}\{pfxFileName}";

    Download(filePath, pfx);
    Install(filePath, password);
}
/// <summary>
/// Installs a CA response so the certificate is available for a later renewal.
/// The enrollment is initialized in the user context (<c>ContextUser</c>), not the
/// machine context.
/// </summary>
/// <param name="Cert">The issued certificate, Base64 text with header lines.</param>
/// <returns>
/// 0 when the install succeeded; 1 when any exception was thrown during the install,
/// in which case the exception message is written to the console.
/// </returns>
/// <remarks>
/// <c>AllowUntrustedRoot</c> relaxes the trust requirement on the issuing chain. The
/// failure reason is only printed, so a caller sees nothing beyond the status code.
/// </remarks>
public int InstallCert(string Cert)
{
    var enrollment = new CX509Enrollment();
    int status = 0;

    try
    {
        enrollment.Initialize(X509CertificateEnrollmentContext.ContextUser);
        enrollment.InstallResponse(
            InstallResponseRestrictionFlags.AllowUntrustedRoot,
            Cert,
            EncodingType.XCN_CRYPT_STRING_BASE64HEADER,
            null);
    }
    catch (Exception ex)
    {
        // Report the failure on the console and signal it through the return code.
        Console.Write(ex.Message);
        status = 1;
    }

    return status;
}
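/// <summary>
/// Installs a CA response into the machine enrollment context and returns the installed
/// certificate wrapped in a <c>Certificate</c>.
/// </summary>
/// <param name="response">The CA response text; any Base64 variant is accepted.</param>
/// <returns>A <c>Certificate</c> built from the bytes of the installed certificate.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="response"/> is null, empty or whitespace.
/// </exception>
/// <remarks>
/// The response is installed with <c>AllowUntrustedCertificate</c>, so it is accepted without
/// being trusted on this system. Since the target is the machine context, callers should
/// only pass responses obtained from the CA they intended to enroll with.
/// </remarks>
public static Certificate InstallResponse(string response)
{
    Trace.TraceInformation(Resources.CertificateInstallResponce);

    if (String.IsNullOrWhiteSpace(response))
    {
        Trace.TraceError(Resources.CertificateResponseNull);
        // ArgumentNullException(string) interprets its argument as the parameter name, so
        // the resource text ended up in ParamName. Pass the name and the message separately.
        throw new ArgumentNullException("response", Resources.CertificateResponseNull);
    }

    var enrollment = new CX509Enrollment();
    enrollment.Initialize(X509CertificateEnrollmentContext.ContextMachine);
    enrollment.InstallResponse(
        InstallResponseRestrictionFlags.AllowUntrustedCertificate,
        response,
        EncodingType.XCN_CRYPT_STRING_BASE64_ANY,
        null);

    // enrollment.Certificate is decoded as Base64 here; presumably that is the property's
    // default encoding. Confirm against the interop definition.
    var certificateData = Convert.FromBase64String(enrollment.Certificate);
    return new Certificate(certificateData);
}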
/// <summary>
/// Installs the CA response held in <paramref name="cert"/> into the machine context,
/// copies the stored certificate's details back onto <paramref name="cert"/>, and binds
/// it to <paramref name="website"/>.
/// </summary>
/// <param name="cert">Certificate record; <c>Certificate</c> holds the Base64 response with header lines.</param>
/// <param name="website">Site that receives the binding.</param>
/// <returns>
/// The same <paramref name="cert"/> instance. On any exception the error is logged and
/// <c>Success</c> is set to false; this method does not set <c>Success</c> on the success path.
/// </returns>
/// <remarks>
/// Review notes:
/// - <c>AllowUntrustedRoot</c> relaxes the trust requirement on the issuing chain.
/// - The stored certificate is looked up by friendly name, not by a value taken from the
///   installed response. If no certificate or more than one carries that name, the lookup
///   throws after the response is already installed, and no binding is added.
/// - The enrollment object is created late-bound from its ProgID; if the <c>as</c> cast
///   yields null, the failure surfaces inside the try block and is logged like any other.
/// </remarks>
public SSLCertificate InstallCertificate(SSLCertificate cert, WebSite website)
{
    Type enrollmentType = Type.GetTypeFromProgID("X509Enrollment.CX509Enrollment", true);
    CX509Enrollment enrollment = Activator.CreateInstance(enrollmentType) as CX509Enrollment;

    try
    {
        enrollment.Initialize(X509CertificateEnrollmentContext.ContextMachine);
        enrollment.InstallResponse(
            InstallResponseRestrictionFlags.AllowUntrustedRoot,
            cert.Certificate,
            EncodingType.XCN_CRYPT_STRING_BASE64HEADER,
            null);

        // Exactly one stored certificate must carry this friendly name.
        SSLCertificate installed = GetServerCertificates()
            .Where(c => c.FriendlyName == cert.FriendlyName)
            .Single();

        cert.SerialNumber = installed.SerialNumber;
        cert.ValidFrom = installed.ValidFrom;
        cert.ExpiryDate = installed.ExpiryDate;
        cert.Hash = installed.Hash;
        cert.DistinguishedName = installed.DistinguishedName;

        // On renewal, drop the certificate currently bound to the site before rebinding.
        bool replacesExisting = cert.IsRenewal && CheckCertificate(website);
        if (replacesExisting)
        {
            DeleteCertificate(GetCurrentSiteCertificate(website), website);
        }

        AddBinding(cert, website);
    }
    catch (Exception ex)
    {
        Log.WriteError("Error adding SSL certificate", ex);
        cert.Success = false;
    }

    return cert;
}
/// <summary>
/// Sample flow: creates a new user-context private key, builds a PKCS#10 request for a
/// template, wraps it in a PKCS#7 request that names a different requester and is signed
/// with an existing certificate, submits it to a CA and, if issued, installs the response.
/// </summary>
/// <remarks>
/// Review notes:
/// - The requester name, CA name, template and signer thumbprint are hard-coded sample values.
/// - The wrapper's <c>RequesterName</c> differs from the running user and the request is
///   signed by <c>signingCert</c>. NOTE(review): the CA and template configuration decide
///   which signers may request on behalf of which users; that policy is the real control.
/// - The new key is created with <c>XCN_NCRYPT_ALLOW_EXPORT_NONE</c>, i.e. marked non-exportable.
/// - The response is installed with <c>AllowUntrustedRoot</c>, which relaxes the trust
///   requirement on the issuing chain.
/// </remarks>
static void Main(string[] args)
{
    string requesterName = @"DOMAIN\otherUser";
    string caName = @"CA1.DOMAIN.LOCAL\DOMAIN-CA1-CA";
    string template = "User";

    // The signer certificate's private key must be accessible to this process.
    var signingCert = FindCertificateByThumbprint("3f817d138f32a9a8df2aa6e43b8aed76eb93a932");

    // Fresh private key for the certificate being requested.
    // http://blogs.technet.com/b/pki/archive/2009/08/05/how-to-create-a-web-server-ssl-certificate-manually.aspx
    CX509PrivateKey newKey = new CX509PrivateKey();
    newKey.ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0";
    newKey.MachineContext = false;
    newKey.Length = 2048;
    newKey.KeySpec = X509KeySpec.XCN_AT_KEYEXCHANGE;
    newKey.ExportPolicy = X509PrivateKeyExportFlags.XCN_NCRYPT_ALLOW_EXPORT_NONE;
    newKey.Create();

    // Inner PKCS#10 request. Original author's note: v1 is used to avoid
    // compatibility issues on Windows Server 2008.
    IX509CertificateRequestPkcs10 pkcs10 =
        (IX509CertificateRequestPkcs10) new CX509CertificateRequestPkcs10();
    pkcs10.InitializeFromPrivateKey(X509CertificateEnrollmentContext.ContextUser, newKey, template);

    // Outer PKCS#7 wrapper, signed with the existing certificate.
    string signingCertBase64 = Convert.ToBase64String(signingCert.GetRawCertData());
    var signerInfo = new CSignerCertificate();
    signerInfo.Initialize(
        false,
        X509PrivateKeyVerify.VerifyAllowUI,
        EncodingType.XCN_CRYPT_STRING_BASE64_ANY,
        signingCertBase64);

    var pkcs7 = new CX509CertificateRequestPkcs7();
    pkcs7.InitializeFromInnerRequest(pkcs10);
    pkcs7.RequesterName = requesterName;
    pkcs7.SignerCertificate = signerInfo;

    // Encode the request.
    var requestEnrollment = new CX509Enrollment();
    requestEnrollment.InitializeFromRequest(pkcs7);
    var encodedRequest = requestEnrollment.CreateRequest();
    //File.WriteAllText("csr.p7b", csr);

    // Submit to the CA.
    const int CR_IN_BASE64 = 1, CR_OUT_BASE64 = 1;
    const int CR_IN_PKCS7 = 0x300;
    ICertRequest2 caRequest = new CCertRequest();
    var disposition = (RequestDisposition)caRequest.Submit(
        CR_IN_BASE64 | CR_IN_PKCS7,
        encodedRequest,
        null,
        caName);

    if (disposition != RequestDisposition.CR_DISP_ISSUED)
    {
        // Not issued (pending, denied, ...): print the disposition and finish.
        Console.WriteLine("disp: " + disposition.ToString());
    }
    else
    {
        string issuedCert = caRequest.GetCertificate(CR_OUT_BASE64);
        //File.WriteAllText("resp.cer", resp);

        // Install the response in the user context.
        var installer = new CX509Enrollment();
        installer.Initialize(X509CertificateEnrollmentContext.ContextUser);
        installer.InstallResponse(
            InstallResponseRestrictionFlags.AllowUntrustedRoot,
            issuedCert,
            EncodingType.XCN_CRYPT_STRING_BASE64_ANY,
            null);
    }

    Console.WriteLine("done");
    Console.ReadLine();
}
/// <summary>
/// Installs the CA response held in <paramref name="cert"/> into the machine context,
/// copies the stored certificate's details back onto <paramref name="cert"/>, and binds
/// it to <paramref name="website"/>.
/// </summary>
/// <param name="cert">Certificate record; <c>Certificate</c> holds the Base64 response with header lines.</param>
/// <param name="website">Site that receives the binding.</param>
/// <returns>
/// The same <paramref name="cert"/> instance. On any exception the error is logged and
/// <c>Success</c> is set to false; this method does not set <c>Success</c> on the success path.
/// </returns>
/// <remarks>
/// Review notes:
/// - <c>AllowUntrustedRoot</c> relaxes the trust requirement on the issuing chain.
/// - The stored certificate is looked up by friendly name, not by a value taken from the
///   installed response. If no certificate or more than one carries that name, the lookup
///   throws after the response is already installed, and no binding is added.
/// </remarks>
public SSLCertificate InstallCertificate(SSLCertificate cert, WebSite website)
{
    var enrollment = new CX509Enrollment();

    try
    {
        enrollment.Initialize(X509CertificateEnrollmentContext.ContextMachine);
        enrollment.InstallResponse(
            InstallResponseRestrictionFlags.AllowUntrustedRoot,
            cert.Certificate,
            EncodingType.XCN_CRYPT_STRING_BASE64HEADER,
            null);

        // Exactly one stored certificate must carry this friendly name.
        SSLCertificate stored = GetServerCertificates()
            .Where(c => c.FriendlyName == cert.FriendlyName)
            .Single();

        cert.SerialNumber = stored.SerialNumber;
        cert.ValidFrom = stored.ValidFrom;
        cert.ExpiryDate = stored.ExpiryDate;
        cert.Hash = stored.Hash;
        cert.DistinguishedName = stored.DistinguishedName;

        // On renewal, drop the certificate currently bound to the site before rebinding.
        if (cert.IsRenewal)
        {
            if (CheckCertificate(website))
            {
                DeleteCertificate(GetCurrentSiteCertificate(website), website);
            }
        }

        AddBinding(cert, website);
    }
    catch (Exception ex)
    {
        Log.WriteError("Error adding SSL certificate", ex);
        cert.Success = false;
    }

    return cert;
}