ActiveSync Retrieve userCertificate

  • Question

  • Hi,

      I am implementing S/MIME in an email client, and I need to retrieve the user's S/MIME certificate from ActiveSync.  The item I am trying to retrieve is this one:

    http://msdn.microsoft.com/en-us/library/cc221422.aspx

    and

    http://msdn.microsoft.com/en-us/library/cc221427.aspx

    I know there must be some way to accomplish this, because there are native clients that do it already.  However, when I do a GAL lookup, I do not get these fields back.

    My current sample ActiveSync query looks like this:

    2014-02-06 10:13:54.317 EmailClient <Search>
    2014-02-06 10:13:54.317 EmailClient <Store>
    2014-02-06 10:13:54.317 EmailClient <Name>
    2014-02-06 10:13:54.318 EmailClient GAL
    2014-02-06 10:13:54.318 EmailClient </Name>
    2014-02-06 10:13:54.318 EmailClient <Query>
    2014-02-06 10:13:54.318 EmailClient dabb
    2014-02-06 10:13:54.319 EmailClient </Query>
    2014-02-06 10:13:54.319 EmailClient <SearchOptions>
    2014-02-06 10:13:54.319 EmailClient <Range>
    2014-02-06 10:13:54.319 EmailClient 0-5
    2014-02-06 10:13:54.319 EmailClient </Range>
    2014-02-06 10:13:54.320 EmailClient </SearchOptions>
    2014-02-06 10:13:54.320 EmailClient </Store>
    2014-02-06 10:13:54.320 EmailClient </Search>
     

    The decoded ActiveSync search result looks like this:

    2014-02-05 14:57:20.771 EmailClient[51456:70b] globalSearchWithString => dabb
    2014-02-05 14:57:35.450 EmailClient <Search>
    2014-02-05 14:57:35.450 EmailClient <SearchStatus>
    2014-02-05 14:57:35.451 EmailClient 1
    2014-02-05 14:57:35.454 EmailClient </SearchStatus>
    2014-02-05 14:57:35.454 EmailClient <Response>
    2014-02-05 14:57:35.454 EmailClient <Store>
    2014-02-05 14:57:35.455 EmailClient <SearchStatus>
    2014-02-05 14:57:35.455 EmailClient 1
    2014-02-05 14:57:35.455 EmailClient </SearchStatus>
    2014-02-05 14:57:35.456 EmailClient <Result>
    2014-02-05 14:57:35.456 EmailClient <Properties>
    2014-02-05 14:57:35.456 EmailClient <GalDisplayName>
    2014-02-05 14:57:35.456 EmailClient Allen Dabb
    2014-02-05 14:57:35.457 EmailClient </GalDisplayName>
    2014-02-05 14:57:35.457 EmailClient <GalAlias>
    2014-02-05 14:57:35.457 EmailClient adabb
    2014-02-05 14:57:35.457 EmailClient </GalAlias>
    2014-02-05 14:57:35.458 EmailClient <GalFirstName>
    2014-02-05 14:57:35.458 EmailClient Allen
    2014-02-05 14:57:35.458 EmailClient </GalFirstName>
    2014-02-05 14:57:35.458 EmailClient <GalLastName>
    2014-02-05 14:57:35.459 EmailClient Dabb
    2014-02-05 14:57:35.459 EmailClient </GalLastName>
    2014-02-05 14:57:35.459 EmailClient <GalEmailAddress>
    2014-02-05 14:57:35.459 EmailClient ADabb@demo.com
    2014-02-05 14:57:35.459 EmailClient </GalEmailAddress>
    2014-02-05 14:57:35.460 EmailClient </Properties>
    2014-02-05 14:57:35.460 EmailClient </Result>

    I am hoping that I can somehow specify the additional fields I want, either in Search Options or some other mechanism, in order to get these additional fields.  Please let me know how I should proceed.  Thanks!


    • Edited by David Shaw GA Thursday, February 6, 2014 3:17 PM email address
    Thursday, February 6, 2014 3:16 PM

Answers

  • Hi David, please take a look at MS-ASCMD section 2.2.2.13 which states "The ResolveRecipients command is used by clients to resolve a list of supplied recipients, to retrieve their free/busy information, and optionally, to retrieve their S/MIME certificates so that clients can send encrypted S/MIME email messages."

     

    Also see section 2.2.3.19.1 which states "The Certificate element is an optional child element of the Certificates element in ResolveRecipients command responses that contains the X509 certificate binary large object (BLOB) that is encoded with base64 encoding."

     

    If you search in MS-ASCMD for 'certificate' you will find quite a bit of information about this. Please let me know if this answers your question.


    Josh Curry (jcurry) | Escalation Engineer | Open Specifications Support Team

    Friday, February 7, 2014 7:32 PM
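An added example, not part of the original thread or of MS-ASCMD: it pulls each base64 `Certificate` blob out of a decoded ResolveRecipients response, rejects values that are not valid base64 or not a single DER SEQUENCE, and fingerprints the rest so they can be checked before being used for S/MIME encryption. It assumes the WBXML decoder emits unqualified element names as in the logs above; the `Recipient` and `EmailAddress` element names are assumptions to verify against MS-ASCMD, and the sample response is constructed.

```python
import base64
import binascii
import hashlib
import xml.etree.ElementTree as ET

def is_single_der_sequence(blob):
    """Outer shape of an X.509 certificate: one DER SEQUENCE spanning the whole blob."""
    if len(blob) < 2 or blob[0] != 0x30:
        return False
    if blob[1] < 0x80:                      # short-form length
        header, length = 2, blob[1]
    else:                                   # long-form length
        n = blob[1] & 0x7F
        if n == 0 or n > 4 or len(blob) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(blob[2:2 + n], "big")
    return header + length == len(blob)

def extract_certificates(xml_text):
    """Return (email, sha256_hex, der) per Certificate that decodes and is DER-shaped."""
    found = []
    for recipient in ET.fromstring(xml_text).iter("Recipient"):
        email = (recipient.findtext("EmailAddress") or "").strip()
        for node in recipient.findall("./Certificates/Certificate"):
            try:
                der = base64.b64decode("".join((node.text or "").split()), validate=True)
            except (binascii.Error, ValueError):
                continue                    # not base64: skip rather than trust it
            if is_single_der_sequence(der):
                found.append((email, hashlib.sha256(der).hexdigest(), der))
    return found

# Constructed sample data: a DER-shaped placeholder (not a real certificate)
# and a truncated copy that must be rejected.
GOOD = b"\x30\x82\x01\x00" + bytes(256)
SAMPLE = (
    "<ResolveRecipients><Response><Recipient>"
    "<EmailAddress>ADabb@demo.com</EmailAddress><Certificates>"
    f"<Certificate>{base64.b64encode(GOOD).decode()}</Certificate>"
    f"<Certificate>{base64.b64encode(GOOD[:100]).decode()}</Certificate>"
    "</Certificates></Recipient></Response></ResolveRecipients>"
)

if __name__ == "__main__":
    for email, fingerprint, der in extract_certificates(SAMPLE):
        print(email, fingerprint, len(der), "bytes")
```

The shape check only filters out truncated or non-certificate data; chain, validity-period and key-usage validation with a real X.509 library is still needed before encrypting to the key.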

All replies

  • Hi David,
    Thank you for your request. One of our team members will investigate this and follow-up with you soon.

    Regards,
    Edgar

    Thursday, February 6, 2014 4:11 PM
  • Hi David, I am the engineer who will be working with you on this issue. I am currently researching the problem and will provide you with an update soon. Thank you for your patience.

    Josh Curry (jcurry) | Escalation Engineer | Open Specifications Support Team

    Thursday, February 6, 2014 8:58 PM
  • Thanks Josh, this looks very promising.

    I will do some tests and let you know if this resolves my issue.

    Friday, February 7, 2014 9:10 PM