Creating X509 Certificate object from Certificate Services

  • Question

  • I'm trying to create a System.Security.Cryptography.X509Certificates.X509Certificate object from the result of what I get from MS Certificate Services.  I'm using VB.NET and Certificate Services COM API where applicable. 
    Here is the code that I use to submit the certificate request:

    Private _nRequestID As Integer
    Private Function Submit() As Integer
        Dim strDn As String = String.Empty
        Dim strReq As String = String.Empty
        Dim nSubmissionResponse As Integer
        Dim objEnroll As New XENROLLLib.CEnroll2()
        Dim objCertReq As New CERTCLIENTLib.CCertRequest()

        strDn = "CN=" + "some body" _
                    + ",OU=" + "some dept" _
                    + ",O=" + "HVAC-r-US" _
                    + ",L=" + "Sometownville" _
                    + ",S=" + "MN" _
                    + ",C=" + "US" _
                    + ",E=" + ""
        strReq = objEnroll.createPKCS10(strDn, New Oid().ToString())
        nSubmissionResponse = objCertReq.Submit(CR_IN_Consts.CR_IN_BASE64 Or CR_IN_Consts.CR_IN_PKCS10, strReq, String.Empty, "localhost\MyCertAuth")
        _nRequestID = objCertReq.GetRequestId()
        '// return the disposition reported by the CA
        Return nSubmissionResponse
    End Function

    '// now the CA manager goes and issues the certificate; moving it from pending to issued
    '// and we proceed with the retrieval

    Private Function Retrieve(ByVal reqID As Integer) As X509Certificates.X509Certificate
        '// the submission has been made; now we have to check to see if it has been issued
        Dim objCertIssued As New CERTCLIENTLib.CCertRequest()
        Dim nGetIssueResponse As Integer

        nGetIssueResponse = objCertIssued.GetIssuedCertificate("localhost\MyCertAuth", reqID, String.Empty)

        Dim certString As String = String.Empty
        If nGetIssueResponse = CR_DISP_Consts.CR_DISP_ISSUED Then
            '// the cert is available to be pulled down
            certString = objCertIssued.GetCertificate(CR_OUT_Consts.CR_OUT_BASE64 Or CR_OUT_Consts.CR_OUT_CHAIN)
        Else
            '// not issued (yet): there is nothing to build a certificate from
            Return Nothing
        End If

        Dim rawData() As Byte = System.Text.Encoding.Default.GetBytes(certString)
        Dim NewCert As New X509Certificates.X509Certificate(rawData)
        Return NewCert
    End Function

    When I new up the X509Cert object with the byte array in the constructor, I get the following error:
    The index value is not valid.

    I even tried using a SignedCms object to decode the rawData. When I do that, I get the following error:
    ASN1 bad tag value met.

    Any thoughts out there?  Has this been done?  Can it be done?  Or are the results of the COM API not meant to be used with the .NET X509 objects?


    Friday, June 20, 2008 9:35 PM
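
Added example, not part of the original post: `GetCertificate` called with `CR_OUT_BASE64 Or CR_OUT_CHAIN` returns base64 text wrapping a DER-encoded PKCS #7 that carries the whole chain, so the string has to be base64-decoded and parsed as PKCS #7 before any certificate can be taken from it. The module and function names are hypothetical, the input is a constructed stand-in for the CA response, and the code assumes .NET Framework 4.7.2 or later (or .NET Core with the System.Security.Cryptography.Pkcs package) for `CertificateRequest` and `SignedCms`.

```vb
Imports System
Imports System.Security.Cryptography
Imports System.Security.Cryptography.Pkcs
Imports System.Security.Cryptography.X509Certificates

Module DecodeCaResponse
    ' Decode the string returned by GetCertificate(CR_OUT_BASE64 Or CR_OUT_CHAIN):
    ' base64 text wrapping a DER-encoded, certs-only PKCS #7.
    Function CertificatesFromBase64Pkcs7(ByVal certString As String) As X509Certificate2Collection
        ' Base64 -> DER. Encoding.GetBytes would only yield the bytes of the
        ' base64 characters themselves, which is not ASN.1.
        Dim der() As Byte = Convert.FromBase64String(certString)
        ' SignedCms parses the PKCS #7 container and exposes every certificate in it.
        Dim cms As New SignedCms()
        cms.Decode(der)
        Return cms.Certificates
    End Function

    ' Pick one certificate out of the chain by its common name (hypothetical helper).
    Function FindBySubject(ByVal chain As X509Certificate2Collection, ByVal cn As String) As X509Certificate2
        For Each cert As X509Certificate2 In chain
            If cert.GetNameInfo(X509NameType.SimpleName, False) = cn Then Return cert
        Next
        Return Nothing
    End Function

    Sub Main()
        ' Constructed stand-in for the CA response: a self-signed certificate
        ' exported as PKCS #7 and base64-encoded.
        Using key As RSA = RSA.Create(2048)
            Dim req As New CertificateRequest("CN=some body", key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
            Using selfSigned As X509Certificate2 = req.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1))
                Dim bundle As New X509Certificate2Collection(selfSigned)
                Dim certString As String = Convert.ToBase64String(bundle.Export(X509ContentType.Pkcs7))

                Dim chain As X509Certificate2Collection = CertificatesFromBase64Pkcs7(certString)
                Dim leaf As X509Certificate2 = FindBySubject(chain, "some body")
                Console.WriteLine("{0} certificate(s); leaf = {1}", chain.Count, leaf.Subject)
            End Using
        End Using
    End Sub
End Module
```

With a real CA response the collection also holds the issuing CA certificates, so select the end-entity certificate by subject or thumbprint rather than by position.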