Some questions about requesting and installing a new certificate from my own Certification Authority

  • Question

  • Hello all,

    I have some questions about requesting and installing a new certificate from my own CA.

    1. Where can I find the certificate Templates?

    I use the "User" template here, but I could not find where the available templates are listed; I only arrived at that name by trial and error.

    2. How can I change the Templates?

    I want the hash algorithm to be "SHA256", but the issued certificate always shows "SHA512" even though I set "SHA256" in the request. I think this is because of the template.

    I also found the article "Create a New Certificate Template".

    But I can't find the "Certificate Templates" snap-in in MMC (all of the "Active Directory Certificate Services" role services are installed via Server Manager → Add roles and features).

    MMC

    3. Can I stop "Issued To" from changing to "Administrator"?

    The original "Issued To" and "Issued By" are what I set up in the request, but they changed after I ran "DownloadAndInstallCert" (code below).

    After DownloadAndInstallCert

    So I can only tell the certificates apart by their "Friendly Name".

    This is my code:

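    /// <summary>
    /// Interactive driver. Optionally builds and submits a certificate request, then
    /// optionally retrieves an issued certificate by request ID and installs it.
    /// Repeats until the user answers anything other than "n" to the "Finish" prompt.
    /// </summary>
    static void Main(string[] args)
    {
        bool finished = false;
        while (!finished)
        {
            string request = "";
            Console.WriteLine("Request a new certificate? (y|n)");
            string answer = Console.ReadLine();
            if (answer == "y")
            {
                request = CreateCertRequestMessage();
                Console.WriteLine("Request Message:");
                if (request != "")
                {
                    var requestId = SendCertificateRequest(request);
                    Console.WriteLine("Request ID: " + requestId.ToString());
                }
            }

            // Offer download/install after a successful submission, or when the user
            // skipped the request step (e.g. to fetch a request that was pending earlier).
            if (request != "" || answer == "n")
            {
                Console.WriteLine("Download & install certificate? (y|n)");
                if (Console.ReadLine() == "y")
                {
                    Console.WriteLine("Request ID:");
                    // int.Parse threw on a blank or non-numeric line and aborted the whole program.
                    int pendingId;
                    if (int.TryParse(Console.ReadLine(), out pendingId))
                    {
                        Console.WriteLine("Friendly Name:");
                        string friendlyName = Console.ReadLine();
                        DownloadAndInstallCert(pendingId, friendlyName);
                    }
                    else
                    {
                        Console.WriteLine("Invalid request ID; expected an integer.");
                    }
                }
            }

            Console.WriteLine("Finish (y|n)?");
            finished = Console.ReadLine() != "n";
        }
    }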
    
            private static string CreateCertRequestMessage()
            {
                string sRequest = "";
                try
                {
                    Console.WriteLine("CA Name?");
                    string sCAName = Console.ReadLine();
                    Console.WriteLine("Key Size? (Defult:4096)");
                    int nKeySize = 4096;
                    if (Console.ReadLine() == "2048") nKeySize = 2048;
                    X509KeySpec keySpec = X509KeySpec.XCN_AT_KEYEXCHANGE;
                    Console.WriteLine("Key Spec? 1:KEYEXCHANGE; 2: SIGNATURE. Defult:1");
                    if (Console.ReadLine() == "2")
                        keySpec = X509KeySpec.XCN_AT_SIGNATURE;
                    var objCSPs = new CCspInformations();
                    objCSPs.AddAvailableCsps();
    
    
                    var objPrivateKey = new CX509PrivateKey();
                    objPrivateKey.ProviderName = "Microsoft Enhanced RSA and AES Cryptographic Provider";
                    objPrivateKey.Length = nKeySize;
                    objPrivateKey.KeySpec = keySpec;
                    objPrivateKey.KeyUsage = X509PrivateKeyUsageFlags.XCN_NCRYPT_ALLOW_ALL_USAGES;
                    objPrivateKey.MachineContext = true;
                    objPrivateKey.ExportPolicy = X509PrivateKeyExportFlags.XCN_NCRYPT_ALLOW_EXPORT_FLAG;
                    objPrivateKey.CspInformations = objCSPs;
                    objPrivateKey.ProviderType = X509ProviderType.XCN_PROV_RSA_AES;
                    objPrivateKey.Create();
    
                    var hashobj = new CObjectId();
                    hashobj.InitializeFromAlgorithmName(ObjectIdGroupId.XCN_CRYPT_HASH_ALG_OID_GROUP_ID,
                                                        ObjectIdPublicKeyFlags.XCN_CRYPT_OID_INFO_PUBKEY_ANY,
                                                        AlgorithmFlags.AlgorithmFlagsNone,
                                                        "SHA256");
    
                    var objDN = new CX500DistinguishedName();
                    var subjectName = "CN = " + sCAName;
                    objDN.Encode(subjectName, X500NameFlags.XCN_CERT_NAME_STR_NONE);
    
                    var objPkcs10 = new CX509CertificateRequestPkcs10();
                    objPkcs10.InitializeFromPrivateKey(
                         X509CertificateEnrollmentContext.ContextMachine,
                         objPrivateKey,
                         "User");
                    objPkcs10.HashAlgorithm = hashobj; // Specify the hashing algorithm
                    objPkcs10.Subject = objDN;
    
                    var objEnroll = new CX509Enrollment();
                    objEnroll.InitializeFromRequest(objPkcs10);
                    sRequest = objEnroll.CreateRequest(EncodingType.XCN_CRYPT_STRING_BASE64);
                }
                catch (Exception ex)
                {
                    Console.WriteLine(ex.Message);
                }
    
                return sRequest;
            }
    
            private static int SendCertificateRequest(string sRequest)
            {
                try
                {
                    var objCertRequest = new CCertRequest();
                    var iDisposition = objCertRequest.Submit(
                             CR_IN_BASE64 | CR_IN_FORMATANY,
                             sRequest,
                             string.Empty,
                             @"192.168.222.138\TEST-CA");
    
                    switch (iDisposition)
                    {
                        case CR_DISP_ISSUED:
                            Console.WriteLine("The certificate had been issued.");
                            break;
                        case CR_DISP_UNDER_SUBMISSION:
                            Console.WriteLine("The certificate is still pending.");
                            break;
                        default:
                            Console.WriteLine("Request return No.: " + iDisposition);
                            Console.WriteLine("The submission failed: " + objCertRequest.GetDispositionMessage());
                            Console.WriteLine("Last status: " + objCertRequest.GetLastStatus().ToString());
                            break;
                    }
                    return objCertRequest.GetRequestId();
                }
                catch (Exception ex)
                {
                    Console.WriteLine(ex.Message);
                }
                return -1;
            }
    
            private static void DownloadAndInstallCert(int nRequestId, string sFriendlyName)
            {
                try
                {
                    var objCertRequest = new CCertRequest();
                    var iDisposition = objCertRequest.RetrievePending(nRequestId, @"192.168.222.138\TEST-CA");
    
                    if (iDisposition == CR_DISP_ISSUED)
                    {
                        var cert = objCertRequest.GetCertificate(CR_OUT_BASE64 | CR_OUT_CHAIN);
                        var objEnroll = new CX509Enrollment();
                        objEnroll.Initialize(X509CertificateEnrollmentContext.ContextMachine);
                        objEnroll.CertificateFriendlyName = sFriendlyName;
                        objEnroll.InstallResponse(
                             InstallResponseRestrictionFlags.AllowUntrustedRoot,
                           cert,
                            EncodingType.XCN_CRYPT_STRING_BASE64,
                           "");
    
                        Console.WriteLine("The certificate had been installed successfully.");
                    }
                }
                catch (Exception ex)
                {
                    Console.WriteLine("Error: ");
                    Console.WriteLine(ex.Message);
                }           
            }

    I know I could use a self-signed certificate instead, but I am wondering whether it is possible to do it this way.

     

    My Environments are:

    Microsoft Visual Studio C#

    Windows Server 2012 R2 (x64) in Virtual Machine

     

    Thank you!


    • Edited by momosinging Thursday, November 17, 2016 3:09 AM
    Thursday, November 17, 2016 2:51 AM

All replies