
通过CertEnroll在CA上(1创建证书请求2得到证书3安装证书)


通過CertEnroll在CA上(1創建證書請求2得到證書3安裝證書)

原文網址:http://www.cnblogs.com/rippleyong/archive/2008/12/15/1355417.html


絕頂好文章,非常棒的代碼!!!

0.代碼下載

CAtest20081215164652.rar

1.簡要說明

證書注冊API(Certificate Enrollment API)的功能是讓客戶端程序請求一個證書,請求批準后得到證書,然后安裝證書。從Vista開始使用的是CertEnroll.dll,之前使用的都是Xenroll.dll。

我們的CA是Windows Certificate Services

CA即證書管理機構,受委托發放數字證書的第三方組織或公司。數字證書是用來建立數字簽名和公-私(public-private)密鑰對的。CA在這個過程中所起的作用就是保證獲得這一獨特證書的人就是被授權者本人。在數據安全和電子商務中,CA是一個非常重要的組成部分,因為它們確保信息交換各方的身份。

2.添加引用

?

using?CERTENROLLLib;?
using?CERTCLIENTLib;


私有變量定義

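// Constants mirrored from the Windows SDK header certcli.h; CERTCLIENTLib does not
// expose them as an enum, so the sample declares them by hand.
// (The listing's separators were mis-encoded as '?'; they are restored to spaces here.)

// ICertConfig.GetConfig flags: how the CA configuration string is chosen.
private const int CC_DEFAULTCONFIG = 0;          // take the default CA, no UI
private const int CC_UIPICKCONFIG = 0x1;         // let the user pick a CA in a dialog

// ICertRequest.Submit flags: encoding and format of the submitted request.
private const int CR_IN_BASE64 = 0x1;            // request is Base64 text without header lines
private const int CR_IN_FORMATANY = 0;           // let the CA detect the request format
private const int CR_IN_PKCS10 = 0x100;          // request is PKCS#10 (not used by the methods shown)

// Disposition values returned by ICertRequest.Submit.
private const int CR_DISP_ISSUED = 0x3;          // certificate was issued
private const int CR_DISP_UNDER_SUBMISSION = 0x5; // request is pending approval

// ICertRequest.GetCertificate flags: encoding and content of the returned blob.
private const int CR_OUT_BASE64 = 0x1;           // Base64 text without header lines
private const int CR_OUT_CHAIN = 0x100;          // PKCS#7 containing the full chain, not just the leaf

// Success marker: every method returns this empty string when it succeeds and an
// error message otherwise, so callers test the result against "".
private string sOK = "";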

?

?

3.創建證書請求

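// Generates a new RSA key pair in the current user's context and builds a
// Base64-encoded PKCS#10 certificate request for it.
//
//   name        Subject distinguished name string handed to CX500DistinguishedName.Encode.
//   strRequest  Receives the Base64 request on success; it is not assigned on failure.
//
// Returns sOK (the empty string) on success, otherwise the message of the exception
// raised by the enrollment API.
//
// Change from the original listing: the key length is 2048 bits instead of 1024.
// 1024-bit RSA is no longer considered adequate for new certificates, and the
// provider used here supports the larger size.
public string createRequest(string name, ref string strRequest)
{
    const int KeyLengthBits = 2048;

    // Create all the objects that will be required
    CX509CertificateRequestPkcs10 objPkcs10 = new CX509CertificateRequestPkcs10Class();
    CX509PrivateKey objPrivateKey = new CX509PrivateKeyClass();
    CCspInformation objCSP = new CCspInformationClass();
    CCspInformations objCSPs = new CCspInformationsClass();
    CX500DistinguishedName objDN = new CX500DistinguishedNameClass();
    CX509Enrollment objEnroll = new CX509EnrollmentClass();
    CObjectIds objObjectIds = new CObjectIdsClass();
    CObjectId objObjectId = new CObjectIdClass();
    CX509ExtensionKeyUsage objExtensionKeyUsage = new CX509ExtensionKeyUsageClass();
    CX509ExtensionEnhancedKeyUsage objX509ExtensionEnhancedKeyUsage = new CX509ExtensionEnhancedKeyUsageClass();

    try
    {
        // Initialize the CSP object using the desired Cryptographic Service Provider (CSP).
        // NOTE(review): this is a legacy CryptoAPI provider that is believed not to offer
        // SHA-2 hashing, so the request is presumably signed with SHA-1. Confirm, and
        // consider a provider that supports SHA-256 for new deployments.
        objCSP.InitializeFromName(
            "Microsoft Enhanced Cryptographic Provider v1.0"
        );

        // Add this CSP object to the CSP collection object
        objCSPs.Add(objCSP);

        // Provide key length and key spec to the private key object.
        // ContainerName is not set here (the original sample had a fixed name commented out).
        objPrivateKey.Length = KeyLengthBits;
        objPrivateKey.KeySpec = X509KeySpec.XCN_AT_SIGNATURE;
        // NOTE(review): ALLOW_ALL_USAGES is the broadest setting. The key is declared as a
        // signature key, yet the Key Usage extension below also asks for key and data
        // encipherment. Confirm the intended purpose and request only the usages the
        // certificate actually needs.
        objPrivateKey.KeyUsage = X509PrivateKeyUsageFlags.XCN_NCRYPT_ALLOW_ALL_USAGES;
        objPrivateKey.MachineContext = false;   // user key store, not the machine store

        // Provide the CSP collection object (in this case containing only 1 CSP object)
        // to the private key object
        objPrivateKey.CspInformations = objCSPs;

        // Create the actual key pair. If a later step throws, the key pair stays in the
        // provider; this method does not clean it up.
        objPrivateKey.Create();

        // Initialize the PKCS#10 certificate request object based on the private key.
        // Using the context, indicate that this is a user certificate request and don't
        // provide a template name
        objPkcs10.InitializeFromPrivateKey(
            X509CertificateEnrollmentContext.ContextUser,
            objPrivateKey,
            ""
        );

        // Key Usage Extension
        objExtensionKeyUsage.InitializeEncode(
            X509KeyUsageFlags.XCN_CERT_DIGITAL_SIGNATURE_KEY_USAGE |
            X509KeyUsageFlags.XCN_CERT_NON_REPUDIATION_KEY_USAGE |
            X509KeyUsageFlags.XCN_CERT_KEY_ENCIPHERMENT_KEY_USAGE |
            X509KeyUsageFlags.XCN_CERT_DATA_ENCIPHERMENT_KEY_USAGE
        );
        objPkcs10.X509Extensions.Add((CX509Extension)objExtensionKeyUsage);

        // Enhanced Key Usage Extension
        objObjectId.InitializeFromValue("1.3.6.1.5.5.7.3.2"); // OID for Client Authentication usage
        objObjectIds.Add(objObjectId);
        objX509ExtensionEnhancedKeyUsage.InitializeEncode(objObjectIds);
        objPkcs10.X509Extensions.Add((CX509Extension)objX509ExtensionEnhancedKeyUsage);

        // Encode the caller-supplied subject name. The string is used as given, so the
        // CA (or its policy) is what decides whether the requested subject is acceptable.
        objDN.Encode(
            name,
            X500NameFlags.XCN_CERT_NAME_STR_NONE
        );

        // Assign the subject name by using the Distinguished Name object initialized above
        objPkcs10.Subject = objDN;

        // Create enrollment request
        objEnroll.InitializeFromRequest(objPkcs10);
        strRequest = objEnroll.CreateRequest(
            EncodingType.XCN_CRYPT_STRING_BASE64
        );
        return sOK;
    }
    catch (Exception ex)
    {
        // Errors are reported through the return value, not by throwing.
        return ex.Message;
    }
}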

?

4.發送證書請求到CA,證書請求批準后得到一個證書

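// Submits a Base64 certificate request to a CA chosen by the user and, if the CA
// issues the certificate immediately, returns it together with its chain.
//
//   strRequest  Base64 request text, e.g. the output of createRequest.
//   strCert     Receives the Base64 PKCS#7 (certificate plus chain) when the request
//               is issued; it is not assigned in the pending or failed cases.
//
// Returns sOK (the empty string) when a certificate was issued, otherwise a message
// describing the pending state, the failure, or the exception that was raised.
//
// Changes from the original listing: an empty CA configuration string is rejected
// before Submit is called, and the failure message separates the disposition text
// from the "Last status" part.
public string sendRequest(string strRequest, ref string strCert)
{
    // Create all the objects that will be required
    CCertConfig objCertConfig = new CCertConfigClass();
    CCertRequest objCertRequest = new CCertRequestClass();

    try
    {
        // Get CA config from UI. Pass CC_DEFAULTCONFIG instead to take the default CA
        // without showing a dialog.
        string strCAConfig = objCertConfig.GetConfig(CC_UIPICKCONFIG);

        // Guard in case the picker yields no configuration, so that a null or empty
        // CA name never reaches Submit.
        if (string.IsNullOrEmpty(strCAConfig))
        {
            return "No certification authority was selected.";
        }

        // Submit the request
        int iDisposition = objCertRequest.Submit(
            CR_IN_BASE64 | CR_IN_FORMATANY,
            strRequest,
            null,
            strCAConfig
        );

        if (CR_DISP_ISSUED == iDisposition)
        {
            // Get the certificate. CR_OUT_CHAIN asks for a PKCS#7 that also carries the
            // CA certificates; nothing here validates that chain, so trust decisions
            // are left to whoever installs the response.
            strCert = objCertRequest.GetCertificate(
                CR_OUT_BASE64 | CR_OUT_CHAIN
            );
            return sOK;
        }

        // Not enrolled: report why.
        string strDisposition = objCertRequest.GetDispositionMessage();

        if (CR_DISP_UNDER_SUBMISSION == iDisposition)
        {
            // Pending. The request id is not returned to the caller, so this method
            // offers no way to collect the certificate once the CA approves it.
            return "The submission is pending: " + strDisposition;
        }

        // Failed
        return "The submission failed: " + strDisposition
            + " Last status: " + objCertRequest.GetLastStatus().ToString();
    }
    catch (Exception ex)
    {
        // Errors are reported through the return value, not by throwing.
        return ex.Message;
    }
}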

?

5.在客戶端機器上安裝證書

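// Installs a CA response (Base64 PKCS#7) into the current user's certificate store,
// pairing it with the pending request created earlier on this machine.
//
//   strCert  Base64 response text, e.g. the output of sendRequest.
//
// Returns sOK (the empty string) on success, otherwise an error message.
//
// Change from the original listing: an empty response is rejected up front with an
// explicit message and never reaches the enrollment API.
public string acceptPKCS7(string strCert)
{
    if (string.IsNullOrEmpty(strCert))
    {
        return "The certificate response is empty.";
    }

    // Create all the objects that will be required
    CX509Enrollment objEnroll = new CX509EnrollmentClass();

    try
    {
        // Install the certificate
        objEnroll.Initialize(X509CertificateEnrollmentContext.ContextUser);

        // SECURITY: AllowUntrustedRoot is the most permissive restriction flag. The
        // response is installed even when its chain ends in a root this machine does
        // not trust, so this method alone does not establish that the response came
        // from the intended CA. That is convenient for a test CA; for production,
        // prefer InstallResponseRestrictionFlags.AllowNone and distribute the CA root
        // to clients through a managed channel first.
        objEnroll.InstallResponse(
            InstallResponseRestrictionFlags.AllowUntrustedRoot,
            strCert,
            EncodingType.XCN_CRYPT_STRING_BASE64, // when using a USB key (UKey) token, use the ANY encoding type instead -2013.7.31
            null
        );

        return sOK;
    }
    catch (Exception ex)
    {
        // Errors are reported through the return value, not by throwing.
        return ex.Message;
    }
}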

6.參考

?
