Generating certificate request on a specific smartcard when multiple smartcards connected. RRS feed

  • Question

  • Dear All,

    My enrollment on behalf code is working as expected and now I want to be able to do that with smartcard.

    I've two smartcard (same brand) connected on my station:

    • One contains the signing certificate of the registration officier
    • One is empty and should be used for enrolling the end user certificate

    I don't see exacty how I could generate the certificate request in the right smartcard. They both use the same CSP and until now I was not able to force the private key generation on the right smartcard.

    Is there a way to enumerate smartcarsd using CryptoAPI (I did that with SC manager API but wasn't able to establish a link between SC and a specific private key container or something similar to ensure generation on the right SC) ? Is there a way to ensure that I can select the correct smartcard for private key and certificate request genereation ?

    Any general guidance about this ? 

    Kind regards,


    PS: Prefered langage is C# but working with C++ is fine also.

    Wednesday, May 8, 2013 7:14 AM


All replies

  • Hi,

    When connecting to your csp, try the syntax \\.\<Reader Name>\<Container Name> as the CSP name.

    It is described here : http://msdn.microsoft.com/en-us/library/bb905527.aspx.

    The Base Smart Card CSP complies with it, but not all CSP do.



    • Marked as answer by oblabla Monday, May 13, 2013 9:50 AM
    Thursday, May 9, 2013 5:32 PM
  • Thank you for the hint... first tests are encouraging...

    Monday, May 13, 2013 9:50 AM
  • Hi,

    I'm facing the same work. can you publish a sample c++ on CertEnroll on behalf other in offline. means One CSR is prepared it is submited to an Web Application to get it back signed from CA.

    Using the smartcard to enroll, since the private key is  in smartcard how to initialize the private key object in CertEnroll to use existing key set ?

    Monday, June 19, 2017 7:33 PM