How to interface to Certificate Authority from C#

Hi,

I am looking for suggestions / best practices for creating a C# client application that can communicate with a Microsoft Certificate Authority running on a Windows 2003 server. The application would like to submit PKCS#10 certificate signing requests and recover the issued certificates in PKCS#7 format.

Thank you in advance for any suggestions.

Richard

There is a COM component called xenroll.dll - this is what the Windows CA ASP pages use. Not the nicest interface - but that's "the" way of doing it.

-----
Dominick Baier (http://www.leastprivilege.com)
Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

> Hi,
>
> I am looking for suggestions / best practices for creating a C# client
> application that can communicate with a Microsoft Certificate
> Authority running on a Windows 2003 server. The application would like
> to submit PKCS#10 certificate signing requests and recover the issued
> certificates in PKCS#7 format.
>
> Thank you in advance for any suggestions.
>
> Richard

Dear Dominick Baier.

Thank you very much for taking the time to suggest xenroll. My initial question was not clear, so let me elaborate a little more.

I am looking for suggestions on how to submit the PKCS#10 string returned from Xenroll's "ICEnroll4::createPKCS10" method to a Microsoft CA and retrieve the PKCS#7 result. We also need to retrieve CRLs from the CA, get a list of issued certs, etc...

We use xenroll on the client machine to generate the PKCS#10 request as a string response and to import the PKCS#7 returned from a CA.

This client PC where Xenroll runs has no direct network connectivity to the Microsoft Server hosting the CA. Rather, the PKCS#10 request is communicated via a message queue to a remote Registration Authority (RA) who is expected to submit the PKCS#10 to a CA via a network connection local to the RA. The RA must then return the PKCS#7 response from the RA back via the message queues where it would be installed on the client using xenroll.

I suspect that I need to use the following interfaces: ICertRequest2::GetCACertificate and members from ICertAdmin2.

Header: Declared in Certcli.h; include Certsrv.h.
Library: Use Certidl.lib.
DLL: Requires Certcli.dll.
IID: IID_ICertRequest2 is defined as A4772988-4A85-4FA9-824E-B5CF5C16405A.

Was wondering if anyone else has tried this or something similar.

Regards
Richard

Well - I don't know exactly how it works - but I would have a look at how the CA webpage does it when you use the "send PKCS#10 request" option.

-----
Dominick Baier (http://www.leastprivilege.com)
Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

> Dear Dominick Baier.
>
> Thank you very much for taking the time to suggest xenroll. My initial
> question was not clear, so let me elaborate a little more.
>
> I am looking for suggestions on how to submit the PKCS#10 string
> returned from Xenroll's "ICEnroll4::createPKCS10" method to a
> Microsoft CA and retrieve the PKCS#7 result. We also need to retrieve
> CRLs from the CA, get a list of issued certs, etc...
>
> We use xenroll on the client machine to generate the PKCS#10 request
> as a string response and to import the PKCS#7 returned from a CA.
>
> This client PC where Xenroll runs has no direct network connectivity
> to the Microsoft Server hosting the CA. Rather, the PKCS#10 request is
> communicated via a message queue to a remote Registration Authority
> (RA) who is expected to submit the PKCS#10 to a CA via a network
> connection local to the RA. The RA must then return the PKCS#7
> response from the RA back via the message queues where it would be
> installed on the client using xenroll.
>
> I suspect that I need to use the following interfaces:
> ICertRequest2::GetCACertificate and members from ICertAdmin2.
>
> Header: Declared in Certcli.h; include Certsrv.h.
> Library: Use Certidl.lib.
> DLL: Requires Certcli.dll.
> IID: IID_ICertRequest2 is defined as
> A4772988-4A85-4FA9-824E-B5CF5C16405A.
> Was wondering if anyone else has tried this or something similar.
>
> Regards
> Richard
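
Added example, not part of the original thread and not code from either poster: one way the RA described above could submit the PKCS#10 string to the CA and get the PKCS#7 chain back, calling the ICertRequest COM object from Certcli.dll through late binding. The class name RaSubmit, the command-line arguments, and the sample CA config and template names are assumptions.

```csharp
using System;
using System.IO;

static class RaSubmit
{
    // Flag and disposition values from Certcli.h.
    const int CR_IN_BASE64 = 0x1;     // base64 without BEGIN/END header lines
    const int CR_IN_PKCS10 = 0x100;
    const int CR_OUT_BASE64 = 0x1;
    const int CR_OUT_CHAIN = 0x100;   // return a PKCS#7 holding the certificate and its chain
    const int CR_DISP_ISSUED = 3;
    const int CR_DISP_UNDER_SUBMISSION = 5;

    // Returns the base64 PKCS#7, or null when the CA has queued the request
    // for approval (fetch it later with RetrievePending and the request ID).
    public static string Submit(string caConfig, string pkcs10, string attributes, out int requestId)
    {
        // Late-bound ICertRequest; needs Certcli.dll registered and C# 4 or later.
        Type type = Type.GetTypeFromProgID("CertificateAuthority.Request", true);
        dynamic request = Activator.CreateInstance(type);

        int disposition = request.Submit(CR_IN_BASE64 | CR_IN_PKCS10, pkcs10, attributes, caConfig);
        requestId = request.GetRequestId();

        if (disposition == CR_DISP_ISSUED)
            return request.GetCertificate(CR_OUT_BASE64 | CR_OUT_CHAIN);
        if (disposition == CR_DISP_UNDER_SUBMISSION)
            return null;

        string message = request.GetDispositionMessage();
        throw new InvalidOperationException("CA did not issue (disposition " + disposition + "): " + message);
    }

    static void Main(string[] args)
    {
        // args[0]: CA config "host\CA name" (assumed, e.g. ca01.example.test\Example-CA)
        // args[1]: file with the base64 PKCS#10 taken off the message queue
        // args[2]: optional request attributes, e.g. "CertificateTemplate:User" on an enterprise CA
        string attributes = args.Length > 2 ? args[2] : "";
        int id;
        string pkcs7 = Submit(args[0], File.ReadAllText(args[1]), attributes, out id);
        Console.WriteLine(pkcs7 ?? "Request " + id + " is pending approval on the CA.");
    }
}
```

The CA authorizes the call against the account the RA process runs under, so that account needs only the Request Certificates permission on the CA.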