none
[MS-CSRA] ICertConfigD2::GetConfigEntry inaccessible input parameters RRS feed

  • Question

  • In [MS-CSRA] §3.1.4.2.14 ICertAdminD2::GetConfigEntry (Opnum 44), says:

    pwszNodePath: A string value that represents the node path for the configuration information.
    This parameter can be an empty string and MUST NOT be NULL.<70>

    and note <70> says:

    On Windows, the CA uses subkeys that use the following key as a node path:
    
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\<CA_CN>

    so, if pwszNodePath is empty, then CA node is fetched. However, table in the section contains several config entries that do not belong to <CA_CN> node, such as:

    • pwszEntry = SetupStatus
    • pwszEntry = Version

    These properties belong to "Configuration" (parent to <CA_CN>) node, which is not accessible via this method.


    Vadims Podāns, aka Crypt32
    My weblog: www.sysadmins.lv
    PowerShell PKI Module: PSPKI
    Check out new: SSL Certificate Verifier
    Check out new: ASN.1 Editor tool.

    Thursday, June 11, 2020 8:24 PM

Answers

  • Hi Vadims,

    Thank you for the additional details. I will file a request to update the documentation and follow up. 

    Best Regards,


    Jeff McCashland | Microsoft Protocols Open Specifications Team


    Monday, June 15, 2020 3:55 PM
    Moderator

All replies

  • Hi Vadims

    Thanks for the question about Open Specifications.
    One of the Open Specifications Engineers will respond shortly to assist you.


    HungChun Yu (MSFT)

    Thursday, June 11, 2020 11:21 PM
  • Hi Vadims,

    I will look into this question and let you know what I find. 

    Thanks,


    Jeff McCashland | Microsoft Protocols Open Specifications Team

    Friday, June 12, 2020 3:40 PM
    Moderator
  • I have an update on this.

    Finally, I was able to narrow this down. These configuration entries are accessible via API, but input parameters are incorrect. I suggest these changes:

    Old value: pwszNodePath is EMPTY and pwszEntry is "SetupStatus"

    New value: pwszAuthority is EMPTY, pwszNodePath is EMPTY and pwszEntry is "SetupStatus"


    Old value: pwszNodePath is EMPTY and pwszEntry is "Version"

    New value: pwszAuthority is EMPTY, pwszNodePath is EMPTY and pwszEntry is "Version"


    Vadims Podāns, aka Crypt32
    My weblog: www.sysadmins.lv
    PowerShell PKI Module: PSPKI
    Check out new: SSL Certificate Verifier
    Check out new: ASN.1 Editor tool.

    Sunday, June 14, 2020 9:02 AM
  • Hi Vadims,

    Thank you for the additional details. I will file a request to update the documentation and follow up. 

    Best Regards,


    Jeff McCashland | Microsoft Protocols Open Specifications Team


    Monday, June 15, 2020 3:55 PM
    Moderator
  • Hi Vadims,

    We have updated the documentation for the next release:

    3.1.4.2.14 ICertAdminD2::GetConfigEntry (Opnum 44)

    Input Parameters

    pwszAuthority is EMPTY and pwszNodePath is EMPTY and pwszEntry is "SetupStatus"

    pwszAuthority is EMPTY and pwszNodePath is EMPTY and pwszEntry is "Version"

    3.1.4.2.15 ICertAdminD2::SetConfigEntry (Opnum 45)

    pwszAuthority is EMPTY and pwszNodePath is EMPTY and pwszEntry is "SetupStatus"

    pwszAuthority is EMPTY and pwszNodePath is EMPTY and pwszEntry is "Version"Best regards,


    Jeff McCashland | Microsoft Protocols Open Specifications Team

    Wednesday, August 5, 2020 7:29 PM
    Moderator
  • Thanks, that's correct!

    Vadims Podāns, aka Crypt32
    My weblog: www.sysadmins.lv
    PowerShell PKI Module: PSPKI
    Check out new: SSL Certificate Verifier
    Check out new: ASN.1 Editor tool.

    Thursday, August 6, 2020 6:24 AM