CertEnroll.dll vs XEnroll.dll

  • Question

  • Hello guys,

    Microsoft says "new API, implemented in CertEnroll.dll starting with
    Windows Vista, replaces Xenroll.dll which has been deprecated and is no
    longer contained in Windows."

    You can find the API reference at

    Now, does anyone know the class ID or API that can be used by
    JavaScript in Internet Explorer to generate a key pair (in IE) and PKCS10 in Vista?

    The code which used to do the job in Win2000, XP and 2003 Server no longer
    works because it uses the Xenroll cab, which is deprecated in Vista.

    Any help is greatly appreciated.



    Wednesday, November 22, 2006 6:57 AM

All replies

  • IX509PrivateKey pPrivateKey;
    If you just want to specify the CSP by name, then that’s all you need to do:

    BSTR strProvName = SysAllocString(L"<CSP name>");

    hr = pPrivateKey->put_ProviderName(strProvName);

    You can then optionally set the Length, Container Name, KeyProtection and KeySpec if you like.

    There’s no need to set the container name before creating a new key.

    You can set the provider type if you want, but that is optional (I believe it is ignored if it is wrong – we figure out the correct value).

    If you set put_Existing to VARIANT_TRUE, then call hr = pPrivateKey->Open();

    If you set put_Existing to VARIANT_FALSE, then call hr = pPrivateKey->Create();

    To create a new key with this CSP and all other default values, it should suffice to make two calls:



    From certenroll.idl/h:
     HRESULT InitializeFromPrivateKey(
         [in] X509CertificateEnrollmentContext Context,
         [in] IX509PrivateKey *pPrivateKey,
         [in] BSTR strTemplateName);  // OPTIONAL

    hr = p10->InitializeFromPrivateKey(certEnrollContext,pri,bstrDN);

    If you pass the template name, we expect the caller is on the domain with access to template information.
    hr = p10->InitializeFromPrivateKey(certEnrollContext,pri,NULL);
    Use p10->put_Subject(xxx) for the subject name.
    Wednesday, November 22, 2006 8:57 AM
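
The steps in the reply above (name the CSP, initialize a PKCS #10 request from the key, set the subject), written in JavaScript for Internet Explorer as an added example that is not code from this thread or from Microsoft. `createPkcs10`, its parameter names and the 2048-bit minimum are assumptions of this example; the ProgIDs, members and enumeration values are CertEnroll's, and `factory` is the CertEnroll web class factory object.

```javascript
// Added example. In Internet Explorer, pass the CertEnroll web class factory:
//   new ActiveXObject("X509Enrollment.CX509EnrollmentWebClassFactory")
// createPkcs10 and its parameter names are hypothetical; the ProgIDs, members
// and numeric values are CertEnroll's.
var CONTEXT_USER = 1;                 // X509CertificateEnrollmentContext: ContextUser
var XCN_AT_SIGNATURE = 2;             // X509KeySpec
var XCN_NCRYPT_ALLOW_EXPORT_NONE = 0; // X509PrivateKeyExportFlags: key not exportable
var XCN_CERT_NAME_STR_NONE = 0;       // X500NameFlags
var XCN_CRYPT_STRING_BASE64 = 1;      // EncodingType: base64 without header lines

function createPkcs10(factory, providerName, subjectDn, keyLength) {
  if (!providerName || !subjectDn) {
    throw new Error("providerName and subjectDn are required");
  }
  // Minimum length is a policy choice made for this example.
  if (typeof keyLength !== "number" || keyLength < 2048) {
    throw new Error("refusing RSA key shorter than 2048 bits");
  }

  // Describe the new key: CSP by name, then the optional Length and KeySpec.
  var key = factory.CreateObject("X509Enrollment.CX509PrivateKey");
  key.ProviderName = providerName;
  key.Length = keyLength;
  key.KeySpec = XCN_AT_SIGNATURE;
  key.ExportPolicy = XCN_NCRYPT_ALLOW_EXPORT_NONE;

  // Empty template name: the caller needs no access to domain templates.
  var request = factory.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10");
  request.InitializeFromPrivateKey(CONTEXT_USER, key, "");

  // The subject is set on the request as an encoded distinguished name.
  var dn = factory.CreateObject("X509Enrollment.CX500DistinguishedName");
  dn.Encode(subjectDn, XCN_CERT_NAME_STR_NONE);
  request.Subject = dn;

  // CreateRequest encodes the request (the key pair is generated here, since
  // Create() was not called on the key) and returns the base64 PKCS #10.
  var enroll = factory.CreateObject("X509Enrollment.CX509Enrollment");
  enroll.InitializeFromRequest(request);
  return enroll.CreateRequest(XCN_CRYPT_STRING_BASE64);
}
```

The private key stays in the named CSP on the client; only the returned base64 request is sent to the CA.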
  • Hi friends,


      XEnrollObj.UseExistingKeySet = true;


    The above is the code using XEnroll. What is the corresponding property name/statement in CertEnroll?

    Monday, April 23, 2007 9:31 AM
  • Did anyone find a solution for this problem? Our code is written in asp not "asp .net" and we face the same problem.
    Tuesday, June 19, 2007 8:16 AM
  • Hello all,


    Any progress on this post?


    It would be great to see some example in JavaScript.


    Friday, August 31, 2007 9:15 AM
  • From:




    The UseExistingKeySet function defined in Xenroll.dll specifies or retrieves a Boolean value that indicates whether to use existing keys.

    When using CertEnroll.dll, you can call the InitializeFromCertificate method on an IX509CertificateRequestPkcs10 object and specify a value of the X509RequestInheritOptions enumeration type to reuse existing private and public keys.





    Friday, January 11, 2008 3:51 PM