Storing certificate in etoken using certenroll RRS feed

  • Question

  • Hi,
    I'm trying to create a certificate inside an etoken in Vista but i'm having a problem. When i create the request, the private and public keys are stored in the pc but not in the etoken. Using xenroll in XP it stores the keys inside the etoken when its created, how it can be made with certenroll? Importing manually the certificate when it's ready it's not a choice...

    Saturday, January 19, 2008 1:56 AM

All replies

  • Hi


    Did you set the correct CSP for creating the public/private key pair on the token? See

    on msdn library.





    Thursday, February 14, 2008 8:56 AM

    Hi Dominik,

    I'm not sure if i'm doing everything i should, this code works, except that it isn't creating the keys where i need (inside the etoken), i'm selecting the provider and using the initializeFromName. If you have any idea let me know.


    Code Snippet

      var CRYPT_STRING_BASE64=1;
      var provider="SafeSign Standard Cryptographic Service Provider";
      var obj=g_objClassFactory.CreateObject("X509Enrollment.CX509Enrollment");
      var objPrivateKey=g_objClassFactory.CreateObject("X509Enrollment.CX509PrivateKey");
      var objRequest=g_objClassFactory.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10");
      var objDN = g_objClassFactory.CreateObject("X509Enrollment.CX500DistinguishedName");
      var selectedCSP = g_objClassFactory.CreateObject("X509Enrollment.CCspInformation");
      var certContext=1;
      objPrivateKey.CspInformations = g_objClassFactory.CreateObject("X509Enrollment.CCspInformations");
      objPrivateKey.ContainerName = "x";
      objPrivateKey.KeySpec = 1;
      objRequest.InitializeFromPrivateKey(certContext, objPrivateKey, "");



    Thanks, Aldo.
    Friday, February 15, 2008 3:29 AM
  • I am now facing the same problem.
    Have you found a solution?
    Wednesday, March 12, 2008 4:32 PM
  • Hi Dominik, i found a "solution", besides setting the CSP in the private key you have to set the provider name and the provider type in the private key before the initialize of the objRequest, in my code just add:


    Code Snippet
    objPrivateKey.ProviderName = provider
    objPrivateKey.ProviderType = 1


    I'm not sure why i have to do this if i already have the provider in the selectedCSP and it's added to the private key, but.. it "works".. now i'm having a second problem... when it creates the private and public key in the etoken, it also creates the certificate... i just want to create the public and private keys, and install the certificate later... any idea?


    Thanks, Aldo.

    Wednesday, March 12, 2008 11:24 PM
  • I think you have forgotten the creation of the  private/public  key pair.


    Code Snippet







    Thursday, March 13, 2008 11:16 AM
  • mmmm... when i use my code it's creating the private/public key pair, and also the certificate, but i need to create only the key pair, and install the certificate later, if i use the objPrivateKey.Create() it doesn't work at all...


    Friday, March 14, 2008 8:42 PM
  • hi, i having the same problem, when i call CreateRequest(), the certificate also store in token. I want to store the key only. have you found any solution on this? I tried many suggestion from other forums but still can't work.

    Tuesday, February 17, 2009 10:25 AM