Partager via


How to install the response from a CA programmatically (PowerShell)

Hi all,

 

The other day a customer of mine was creating a SSL certificate request with IIS Manager (inetmgr.exe) with "Create Certificate Request..." action in the Server Certificates section. He was sending that request to a Certificate Authority, and he wanted to programmatically install the .cer file with the response from the CA the same way you do it manually with "Complete Certificate Request…" action in the Server Certificates section.

The following Powershell sample does that:

 $strBase64Response = get-content "C:\Test\Base64.cer"
 $objEnroll = New-Object -ComObject X509Enrollment.CX509enrollment
 $objEnroll.Initialize(0x2);
 $objEnroll.InstallResponse(0x4, $strBase64Response, 0, $null)

 

Note: the 0x2 value in Initialize call means ContextMachine, and the 0x4 value in InstallResponse call means AllowUntrustedRoot.

Note: you need to run this with an administrator, as the cert will go to the MY certificate store of the local machine, and only admin users have access to write in there by default.

I hope this helps.

Regards,

 

Alex (Alejandro Campos Magencio)

Comments

  • Anonymous
    July 19, 2012
    IX509Enrollment * pEnroll = NULL;BSTR  bSTR=SysAllocStringByteLen(LPCSTR(pCertBuffer),sizeof(pCertBuffer));hr=CoCreateInstance(
                      __uuidof(CX509Enrollment),     NULL,     CLSCTX_INPROC_SERVER,     __uuidof(IX509Enrollment),     (void**)&pEnroll);
    hr=pEnroll->Initialize(ContextUser);hr=pEnroll->InstallResponse(AllowNoOutstandingRequest,bSTR,XCN_CRYPT_STRING_BASE64_ANY,NULL);////////the pCertBuffer was a root cert content , i copyed it from a .cer file.  now i want to install it automaticaly into my win7 system cert store. but  when i excute the installresponse API . it always return  the error code0x8007007a(means the region for system was small) . I don't known why. could you help me . my email address hh_sys126@163.com. thank you very much!