External Property Functions
Properties are used to associate a value with a certificate. Properties are never sent to or processed by a certification authority (CA), and they are not stored inside a certificate. Typically, they are associated with a certificate after the certificate is received from the CA and before it is saved in a store. The properties are saved in the store along with the certificate. CertEnroll.dll implements the ICertProperty interface and the following interfaces derived from ICertProperty:
- ICertPropertyArchived
- ICertPropertyArchivedKeyHash
- ICertPropertyAutoEnroll
- ICertPropertyBackedUp
- ICertPropertyDescription
- ICertPropertyEnrollment
- ICertPropertyFriendlyName
- ICertPropertyKeyProvInfo
- ICertPropertyRenewal
- ICertPropertyRequestOriginator
- ICertPropertySHA1Hash
Each of the following sections identifies a function exported by Xenroll.dll to manage external certificate properties. Each section also discusses how to use CertEnroll.dll to replace the function or indicates that no mapping between the two libraries exists:
- addBlobPropertyToCertificateWStr
- GetPrivateKeyArchiveCertificate
- resetBlobProperties
- SetPrivateKeyArchiveCertificate
- SetSignerCertificate
- ThumbPrintWStr
addBlobPropertyToCertificateWStr
The addBlobPropertyToCertificateWStr function in Xenroll.dll adds a property to the certificate.
In CertEnroll.dll, all of the objects derived from ICertProperty implement a SetValueOnCertificate method that you can use to associate a property with a certificate. Also, the IX509Enrollment object directly implements the CertificateFriendlyName and CertificateDescription properties.
GetPrivateKeyArchiveCertificate
The GetPrivateKeyArchiveCertificate function in Xenroll.dll retrieves the exchange certificate used to archive a private key.
You can use the IX509CertificateRequestCmc object in CertEnroll.dll to create a request that asks a CA to archive your private key. You must retrieve an exchange certificate from the CA and use the public key contained in that certificate to encrypt the private key that you are submitting for archival. To specify or retrieve the CA exchange certificate, use the KeyArchivalCertificate property of that object.
resetBlobProperties
The resetBlobProperties function in Xenroll.dll removes the property collection from the certificate.
In CertEnroll.dll, all of the property objects derived from ICertProperty implement the RemoveFromCertificate method, which you can use to disassociate a property from a certificate.
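As an added illustration of the SetValueOnCertificate and RemoveFromCertificate mappings above (example code, not from the CertEnroll documentation or the library itself), the following Windows PowerShell script builds a throwaway self-signed certificate, attaches a friendly name through IX509Enrollment and then through ICertPropertyFriendlyName, and shows that the property exists only in the store copy and never in the signed certificate bytes. The ProgIDs of the form X509Enrollment.C<coclass>, the numeric enum values and the test subject name are assumed from the CertEnroll type library; the script works against the current user's Personal store and removes what it created.

```powershell
$ErrorActionPreference = 'Stop'

# 1. Build a throwaway self-signed certificate with CertEnroll (constructed test subject).
$key = New-Object -ComObject X509Enrollment.CX509PrivateKey
$key.ProviderName = 'Microsoft Software Key Storage Provider'
$key.Length       = 2048
$key.KeySpec      = 1          # XCN_AT_KEYEXCHANGE (assumed enum value)
$key.ExportPolicy = 0          # not exportable
$key.Create()

$dn = New-Object -ComObject X509Enrollment.CX500DistinguishedName
$dn.Encode('CN=PropertyDemo-Example', 0)      # XCN_CERT_NAME_STR_NONE

$req = New-Object -ComObject X509Enrollment.CX509CertificateRequestCertificate
$req.InitializeFromPrivateKey(1, $key, '')     # ContextUser = 1, no template
$req.Subject   = $dn
$req.Issuer    = $dn
$req.NotBefore = (Get-Date).AddMinutes(-5)
$req.NotAfter  = (Get-Date).AddDays(1)
$req.Encode()

$enroll = New-Object -ComObject X509Enrollment.CX509Enrollment
$enroll.InitializeFromRequest($req)
$enroll.CertificateFriendlyName = 'Set via IX509Enrollment'   # a property, not a cert field
$certB64 = $enroll.CreateRequest(1)                            # XCN_CRYPT_STRING_BASE64
$enroll.InstallResponse(2, $certB64, 1, '')                    # AllowUntrustedCertificate

# 2. The signed DER carries no properties: re-parsing it yields an empty FriendlyName,
#    so a friendly name or description is never evidence of what the CA certified.
$raw   = [Convert]::FromBase64String($certB64)
$fresh = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($raw)
$thumb = $fresh.Thumbprint
"Parsed from DER          : FriendlyName='$($fresh.FriendlyName)'"

function Get-StoredFriendlyName($Thumbprint) {
    # Reads the property from the store copy, where CertEnroll saved it.
    (Get-Item "Cert:\CurrentUser\My\$Thumbprint").FriendlyName
}
"From store               : FriendlyName='$(Get-StoredFriendlyName $thumb)'"

# 3. ICertProperty-derived objects edit the store copy. SetValueOnCertificate and
#    RemoveFromCertificate take (MachineContext, Encoding, strCertificate) and locate
#    the stored certificate by its hash.
$fn = New-Object -ComObject X509Enrollment.CCertPropertyFriendlyName
$fn.Initialize('Set via ICertPropertyFriendlyName')
$fn.SetValueOnCertificate($false, 1, $certB64)
"After SetValueOnCertificate : '$(Get-StoredFriendlyName $thumb)'"
$fn.RemoveFromCertificate($false, 1, $certB64)
"After RemoveFromCertificate : '$(Get-StoredFriendlyName $thumb)'"

# 4. Remove the demo certificate and its key.
Remove-Item "Cert:\CurrentUser\My\$thumb"
$key.Delete()
```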
SetPrivateKeyArchiveCertificate
The SetPrivateKeyArchiveCertificate function in Xenroll.dll specifies an exchange certificate used to archive a private key.
You can use the IX509CertificateRequestCmc object in CertEnroll.dll to create a request that asks a CA to archive your private key. You must retrieve an exchange certificate from the CA and use the public key contained in that certificate to encrypt the private key that you are submitting for archival. To specify or retrieve the CA exchange certificate, use the KeyArchivalCertificate property of that object.
SetSignerCertificate
The SetSignerCertificate function in Xenroll.dll specifies a signer certificate.
The ISignerCertificate object in CertEnroll.dll can be used to sign a PKCS #7, CMC, or self-signed certificate request. You can initialize the object from an existing signing certificate and associate it with a request by setting one of the following properties:
- SignerCertificates on IX509CertificateRequestCmc
- SignerCertificate on IX509CertificateRequestPkcs7
- SignerCertificate on IX509CertificateRequestCertificate
Also, if you initialize a CMC request from an inner request and a template, or you initialize a PKCS #7 request from an existing request, the signing certificate may be set.
ThumbPrintWStr
The ThumbPrintWStr function in Xenroll.dll specifies or retrieves the value of the certificate hash.
In CertEnroll.dll, you can use the ICertPropertySHA1Hash object to retrieve the certificate's SHA-1 hash (thumbprint); initialize the object from a certificate by calling its InitializeFromCertificate method.