Issuing X.509 Certificates

Author
12 Jan 2006 11:00 PM
Sadeq
How can I programmatically issue X.509 certificates for my users? I
mean people give my program their public key and other characteristics
of themselves (like name, address, etc) and the program gives them a
digital certificate (*.cer,*.der, etc file) which is signed by my
private key.

Of course, there are projects like OpenSSL, COM objects like CAPICOM,
and other nice things; but I don't know how to solve this problem.

Any idea will be appreciated.

Author
12 Jan 2006 11:15 PM
Dominick Baier [DevelopMentor]
Hi,

there is a library called xenroll. COM based.

This is e.g. used by the web interface of Windows Certificate Services.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> How can I programmatically issue X.509 certificates for my users? I
> mean people give my program their public key and other characteristics
> of themselves (like name, address, etc) and the program gives them a
> digital certificate (*.cer,*.der, etc file) which is signed by my
> private key.
>
> Of course, there are projects like OpenSSL, COM objects like CAPICOM,
> and other nice things; but I don't know how to solve this problem.
>
> Any idea will be appreciated.
>
Author
13 Jan 2006 12:24 AM
Sadeq
Oh, I forgot to mention Xenroll! I tested it b4, but I think it's
suitable for requesting certificates, not issuing one.

I hope I'd be wrong, 'coz Xenroll is very easy to use. If u know any
function in this dll that might be useful for issuing, please let me
know.

Thnx in advance.
Author
13 Jan 2006 3:38 AM
Joe Kaplan (MVP - ADSI)
Do you have a certificate authority set up that allows you to issue
certificates?  If not, you will need to set one up or buy your certificates
from a public CA.

Joe K.

"Sadeq" <MSDou***@gmail.com> wrote in message
news:1137111889.422638.281230@g44g2000cwa.googlegroups.com...
> Oh, I forgot to mention Xenroll! I tested it b4, but I think it's
> suitable for requesting certificates, not issuing one.
>
> I hope I'd be wrong, 'coz Xenroll is very easy to use. If u know any
> function in this dll that might be useful for issuing, please let me
> know.
>
> Thnx in advance.
>
Author
13 Jan 2006 9:25 AM
Sadeq
Consider I have a self-signed certificate, so there will be no need to
buy a certificate. Now, I want to issue some certificates to my users
programmatically. The only problem is to encode a certificate contents,
using ASN.1 encoding and X.509 standard.
Some programs, like OpenSSL or MakeCert let u do this, but I don't know
how to incorporate such functionality into my programs.
Although, I think crypt32.dll and advapi32.dll also will do, so I need
to use PInvoke to wrap their functions.

Anyone is aware of what functions should be wrapped in order to be able
to issue certificates?
Author
13 Jan 2006 10:53 AM
Eugene Mayevski
Hello!
You wrote  on 13 Jan 2006 01:25:52 -0800:

S> Some programs, like OpenSSL or MakeCert let u do this, but I don't know
S> how to incorporate such functionality into my programs.

You can use PKIBlackbox ( http://www.eldos.com/sbb/desc-pki.php ) for this
purpose.

With best regards,
Eugene Mayevski
Author
13 Jan 2006 11:18 AM
Sadeq
Hi
Yes, this works, but I'd rather a free solution. As I mentioned b4, a
tutorial on how to use any of Windows cryptography DLLs (like
crypt32.dll, etc) or OpenSSL functions to issue certificate will
suffice.

Thnx 4 ur consideration.
Author
14 Jan 2006 4:05 AM
Michel Gallant
To see which capi functions you need to Pinvoke to create
certificates with extensions of your choice, look at the
CreateCert.c  sample code in the psdk typically at:
   C:\Program Files\Microsoft Platform SDK\Samples\Security\CryptoApi\CreateCert

Pinvoke function declarations for the functions and structs therein
are fairly simple to set up  :-)

- Mitch Gallant
   MVP Security
   www.jensign.com


"Sadeq" <MSDou***@gmail.com> wrote in message news:1137151080.868620.45690@f14g2000cwb.googlegroups.com...
> Hi
> Yes, this works, but I'd rather a free solution. As I mentioned b4, a
> tutorial on how to use any of Windows cryptography DLLs (like
> crypt32.dll, etc) or OpenSSL functions to issue certificate will
> suffice.
>
> Thnx 4 ur consideration.
>
Author
14 Jan 2006 12:05 PM
Sadeq
Finally, a good answer!
Thnx Mitch. I'm going to take a look at it!
Author
13 Jan 2006 2:30 PM
Joe Kaplan (MVP - ADSI)
If you want to see lots of p/invoke samples for crypto API, check out Mitch
Gallant's site:

http://www.jensign.com/

I think creating a wrapper around makecert.exe with the process class might
suffice though.

Joe K.

"Sadeq" <MSDou***@gmail.com> wrote in message
news:1137144352.389881.308000@f14g2000cwb.googlegroups.com...
> Consider I have a self-signed certificate, so there will be no need to
> buy a certificate. Now, I want to issue some certificates to my users
> programmatically. The only problem is to encode a certificate contents,
> using ASN.1 encoding and X.509 standard.
> Some programs, like OpenSSL or MakeCert let u do this, but I don't know
> how to incorporate such functionality into my programs.
> Although, I think crypt32.dll and advapi32.dll also will do, so I need
> to use PInvoke to wrap their functions.
>
> Anyone is aware of what functions should be wrapped in order to be able
> to issue certificates?
>
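
The issuing flow asked about in this thread (a self-signed CA binding a user's public key and identity into a signed, DER-encoded certificate), shown with the OpenSSL command-line tool as an added example that is not part of any post above. The names `Example Root CA` and `alice`, the `issue_demo` function and all file names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. All names and file names are constructed.
set -eu

issue_demo() (
    set -e
    cd "$1"

    # Minimal config so the run does not depend on a system openssl.cnf.
    cat > demo.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF

    # 1. CA: key pair and self-signed root certificate.
    openssl req -x509 -config demo.cnf -newkey rsa:2048 -nodes -sha256 \
        -days 3650 -subj "/CN=Example Root CA" \
        -keyout ca.key -out ca.crt 2>/dev/null

    # 2. User: generates their own key; only the CSR goes to the CA.
    openssl req -new -config demo.cnf -newkey rsa:2048 -nodes -sha256 \
        -subj "/O=Example/CN=alice" -keyout alice.key -out alice.csr 2>/dev/null

    # 3. CA: check the CSR self-signature (proof the requester holds the key).
    openssl req -config demo.cnf -in alice.csr -noout -verify >/dev/null 2>&1

    # 4. CA: extensions are set by the issuer, not copied from the request.
    printf '%s\n' 'basicConstraints = critical, CA:FALSE' \
        'keyUsage = critical, digitalSignature' \
        'extendedKeyUsage = clientAuth' > leaf.ext

    # 5. CA: sign the request, writing a DER-encoded certificate (.cer).
    openssl x509 -req -in alice.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
        -sha256 -days 365 -extfile leaf.ext -outform DER -out alice.cer 2>/dev/null

    # 6. Relying party: validate the issued certificate against the root.
    openssl x509 -inform DER -in alice.cer -out alice.pem
    openssl verify -CAfile ca.crt alice.pem >/dev/null
)

workdir=$(mktemp -d)
issue_demo "$workdir"
echo "issued: $workdir/alice.cer"
```

The user's private key never reaches the CA in this flow, and the leaf is marked `CA:FALSE` so it cannot itself be used to issue further certificates.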