/// <summary>
/// Load the response from the CA -- just the signed certificate, not the signers.
/// </summary>
/// <param name="pem_response">Signed certificate</param>
/// <returns>The full certificate</returns>
public static X509Certificate2 LoadResponse(string pem_response, StoreLocation loc)
{
X509Certificate2 cert;
CX509Enrollment objEnroll = new CX509Enrollment();
if (loc == StoreLocation.LocalMachine)
{
objEnroll.Initialize(X509CertificateEnrollmentContext.ContextMachine);
}
else
{
objEnroll.Initialize(X509CertificateEnrollmentContext.ContextUser);
}
objEnroll.InstallResponse(
InstallResponseRestrictionFlags.AllowUntrustedRoot,
pem_response,
EncodingType.XCN_CRYPT_STRING_BASE64HEADER,
null
);
string pfx_string = objEnroll.CreatePFX("dummypw", PFXExportOptions.PFXExportEEOnly, EncodingType.XCN_CRYPT_STRING_BASE64);
byte[] pfx_binary_data = System.Convert.FromBase64String(pfx_string);
cert = new X509Certificate2(pfx_binary_data, "dummypw", X509KeyStorageFlags.Exportable);
//CreatedCert = cert;
return(cert);
}
public void InstallResponse(string strCert, string strRequest)
{
// Create Objects
var objEnroll = new CX509Enrollment();
// Install the cert
objEnroll.Initialize(X509CertificateEnrollmentContext.ContextMachine);
objEnroll.InstallResponse(InstallResponseRestrictionFlags.AllowNone,
strCert, EncodingType.XCN_CRYPT_STRING_BASE64, null);
}
protected static void ExportCertificate(byte[] certificateData, string outputPath, string password)
{
var certificateEnrollmentContext = X509CertificateEnrollmentContext.ContextUser;
CX509Enrollment cx509Enrollment = new CX509Enrollment();
cx509Enrollment.Initialize(certificateEnrollmentContext);
cx509Enrollment.InstallResponse(InstallResponseRestrictionFlags.AllowUntrustedCertificate, Convert.ToBase64String(certificateData), EncodingType.XCN_CRYPT_STRING_BASE64, null);
var pfx = cx509Enrollment.CreatePFX(password, PFXExportOptions.PFXExportChainNoRoot, EncodingType.XCN_CRYPT_STRING_BASE64);
using (var fs = File.OpenWrite(outputPath))
{
var decoded = Convert.FromBase64String(pfx);
fs.Write(decoded, 0, decoded.Length);
}
}
/*Install Certificate On the Machine For future Renew Expired Certificate */
public int InstallCert(string Cert)
{
// Create all the objects that will be required
CX509Enrollment objEnroll = new CX509Enrollment();
try
{
// Install the certificate
objEnroll.Initialize(X509CertificateEnrollmentContext.ContextUser);
objEnroll.InstallResponse(InstallResponseRestrictionFlags.AllowUntrustedRoot, Cert, EncodingType.XCN_CRYPT_STRING_BASE64HEADER, null);
return(0);
}
catch (Exception ex)
{
Database db = new Database();
db.InsertToErrorMessageTable("", 0, ex.Message, "InstallCert");//insert Error Message into The Error Table Log In The DataBase
return(1);
}
}
public void InstallAndDownload(string certText, string password, string friendlyName)
{
var enroll = new CX509Enrollment();
enroll.Initialize(X509CertificateEnrollmentContext.ContextUser);
enroll.CertificateFriendlyName = friendlyName;
enroll.InstallResponse(InstallResponseRestrictionFlags.AllowUntrustedRoot,
certText,
EncodingType.XCN_CRYPT_STRING_BASE64REQUESTHEADER,
password
);
var dir = Directory.GetParent(Assembly.GetExecutingAssembly().Location).ToString();
var pfx = enroll.CreatePFX(password, PFXExportOptions.PFXExportChainWithRoot);
var fileName = "cert.pfx";
var filePath = $@"{dir}\{fileName}";
Download(filePath, pfx);
Install(filePath, password);
}
/*Install Certificate On the Machine For future Renew Expired Certificate */
public int InstallCert(string Cert)
{
// Create all the objects that will be required
CX509Enrollment objEnroll = new CX509Enrollment();
try
{
// Install the certificate
objEnroll.Initialize(X509CertificateEnrollmentContext.ContextUser);
objEnroll.InstallResponse(InstallResponseRestrictionFlags.AllowUntrustedRoot, Cert, EncodingType.XCN_CRYPT_STRING_BASE64HEADER, null);
return(0);
}
catch (Exception ex)
{
Console.Write(ex.Message);
return(1);
}
}
public static Certificate InstallResponse(string response)
{
Trace.TraceInformation(Resources.CertificateInstallResponce);
if (String.IsNullOrWhiteSpace(response))
{
Trace.TraceError(Resources.CertificateResponseNull);
throw new ArgumentNullException(Resources.CertificateResponseNull);
}
var enrollment =
new CX509Enrollment();
enrollment.Initialize(X509CertificateEnrollmentContext.ContextMachine);
enrollment.InstallResponse(InstallResponseRestrictionFlags.AllowUntrustedCertificate, response, EncodingType.XCN_CRYPT_STRING_BASE64_ANY, null);
var cerificateData =
Convert.FromBase64String(enrollment.Certificate);
return(new Certificate(cerificateData));
}
public SSLCertificate InstallCertificate(SSLCertificate cert, WebSite website)
{
CX509Enrollment response = Activator.CreateInstance(Type.GetTypeFromProgID("X509Enrollment.CX509Enrollment", true)) as CX509Enrollment;
try
{
response.Initialize(X509CertificateEnrollmentContext.ContextMachine);
response.InstallResponse(
InstallResponseRestrictionFlags.AllowUntrustedRoot,
cert.Certificate, EncodingType.XCN_CRYPT_STRING_BASE64HEADER,
null
);
SSLCertificate servercert = (from c in GetServerCertificates()
where c.FriendlyName == cert.FriendlyName
select c).Single();
cert.SerialNumber = servercert.SerialNumber;
cert.ValidFrom = servercert.ValidFrom;
cert.ExpiryDate = servercert.ExpiryDate;
cert.Hash = servercert.Hash;
cert.DistinguishedName = servercert.DistinguishedName;
if (cert.IsRenewal && CheckCertificate(website))
{
DeleteCertificate(GetCurrentSiteCertificate(website), website);
}
AddBinding(cert, website);
}
catch (Exception ex)
{
Log.WriteError("Error adding SSL certificate", ex);
cert.Success = false;
}
return(cert);
}
static void Main(string[] args)
{
string requesterName = @"DOMAIN\otherUser";
string caName = @"CA1.DOMAIN.LOCAL\DOMAIN-CA1-CA";
string template = "User";
// signerCertificate's private key must be accessible to this process
var signerCertificate = FindCertificateByThumbprint("3f817d138f32a9a8df2aa6e43b8aed76eb93a932");
// create a new private key for the certificate
CX509PrivateKey privateKey = new CX509PrivateKey();
// http://blogs.technet.com/b/pki/archive/2009/08/05/how-to-create-a-web-server-ssl-certificate-manually.aspx
privateKey.ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0";
privateKey.MachineContext = false;
privateKey.Length = 2048;
privateKey.KeySpec = X509KeySpec.XCN_AT_KEYEXCHANGE;
privateKey.ExportPolicy = X509PrivateKeyExportFlags.XCN_NCRYPT_ALLOW_EXPORT_NONE;
privateKey.Create();
// PKCS 10 Request
// we use v1 to avoid compat issues on w2k8
IX509CertificateRequestPkcs10 req = (IX509CertificateRequestPkcs10) new CX509CertificateRequestPkcs10();
req.InitializeFromPrivateKey(X509CertificateEnrollmentContext.ContextUser, privateKey, template);
// PKCS 7 Wrapper
var signer = new CSignerCertificate();
signer.Initialize(false, X509PrivateKeyVerify.VerifyAllowUI, EncodingType.XCN_CRYPT_STRING_BASE64_ANY,
Convert.ToBase64String(signerCertificate.GetRawCertData()));
var wrapper = new CX509CertificateRequestPkcs7();
wrapper.InitializeFromInnerRequest(req);
wrapper.RequesterName = requesterName;
wrapper.SignerCertificate = signer;
// get CSR
var enroll = new CX509Enrollment();
enroll.InitializeFromRequest(wrapper);
var csr = enroll.CreateRequest();
//File.WriteAllText("csr.p7b", csr);
// submit
const int CR_IN_BASE64 = 1, CR_OUT_BASE64 = 1;
const int CR_IN_PKCS7 = 0x300;
ICertRequest2 liveCsr = new CCertRequest();
var disposition = (RequestDisposition)liveCsr.Submit(CR_IN_BASE64 | CR_IN_PKCS7, csr, null, caName);
if (disposition == RequestDisposition.CR_DISP_ISSUED)
{
string resp = liveCsr.GetCertificate(CR_OUT_BASE64);
//File.WriteAllText("resp.cer", resp);
// install the response
var install = new CX509Enrollment();
install.Initialize(X509CertificateEnrollmentContext.ContextUser);
install.InstallResponse(InstallResponseRestrictionFlags.AllowUntrustedRoot,
resp, EncodingType.XCN_CRYPT_STRING_BASE64_ANY, null);
}
else
{
Console.WriteLine("disp: " + disposition.ToString());
}
Console.WriteLine("done");
Console.ReadLine();
}
public SSLCertificate InstallCertificate(SSLCertificate cert, WebSite website)
{
CX509Enrollment response = new CX509Enrollment();
try
{
response.Initialize(X509CertificateEnrollmentContext.ContextMachine);
response.InstallResponse(
InstallResponseRestrictionFlags.AllowUntrustedRoot,
cert.Certificate, EncodingType.XCN_CRYPT_STRING_BASE64HEADER,
null
);
SSLCertificate servercert = (from c in GetServerCertificates()
where c.FriendlyName == cert.FriendlyName
select c).Single();
cert.SerialNumber = servercert.SerialNumber;
cert.ValidFrom = servercert.ValidFrom;
cert.ExpiryDate = servercert.ExpiryDate;
cert.Hash = servercert.Hash;
cert.DistinguishedName = servercert.DistinguishedName;
if (cert.IsRenewal && CheckCertificate(website))
{
DeleteCertificate(GetCurrentSiteCertificate(website), website);
}
AddBinding(cert, website);
}
catch (Exception ex)
{
Log.WriteError("Error adding SSL certificate", ex);
cert.Success = false;
}
return cert;
}
