Is there an API that provides an interface with Certificate Services on Windows 2012/2008 Server. RRS feed

  • Question

  • I'm working on an application that will be able to acquire certificate from the Certificate Authority (server), specifically utilizing  the SCEP protocol. Thanks in advance to any info.
    Thursday, March 14, 2013 6:33 AM

All replies

  • #include "certsrv.h"

    #include "xenroll.h"

    Visual C++ MVP

    Thursday, March 14, 2013 1:28 PM
  • Thanks for the reponse Sheng. If I understood it correctly these are API specific to enrollment services for Windows. Is there any other windows SCEP API than can work  with other Ceritificate Servers besides Windows? I'm looking for a more open API. Pardon me if my post initially indicated Windows Servers only.
    Thursday, March 14, 2013 5:51 PM
  • I am not aware of an SCEP client in any version of Windows. The xenroll ActiveX requires Microsoft's Crypto Architecture. You probably want to try your luck at http://social.msdn.microsoft.com/Forums/en-US/windowssecurity/threads.

    Visual C++ MVP

    Thursday, March 14, 2013 6:16 PM
  • Hi,
    Welcome here.

    According to your description, I'd like to move this thread to a more appropriate forum: "Application Security for Windows Desktop".
    Thanks for your understanding and active participation in the MSDN Forum.

    Elegentin Xie
    MSDN Community Support | Feedback to us
    Develop and promote your apps in Windows Store
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Friday, March 15, 2013 9:10 AM
  • There is no client side SCEP component built into Windows. There is an NDES server. It has an admin interface where you can get the challenge password using your browser. And it also has an interface for submitting your SCEP request.

    I have heard of some people who programmatically browse to the admin page and grab the password contained in the <B> </B> tags.

    To create the SCEP request, you'll need to write a fair amount of code. To send the SCEP request over the wire using the SCEP defined protocol, you'll have to write code for that as well.


    Friday, March 15, 2013 11:10 PM
  • Just an FYI:

    xenroll.h has been deprecated  since Vista. You should be incuding certenroll.h


    Friday, March 15, 2013 11:10 PM