다음을 통해 공유


3.1.1.6.2 Submitting Certificate Request

This local event allows higher level code to submit a certificate request to a CA.

Input Parameters:

CAName: Identical to the pwszAuthority parameter in the ICertRequestD::Request (section 3.2.1.4.2.1) method.

ServerName: The FQDN of the server on which the CA specified by the CAName is running.

Flags: The flags associated with the request. The type and value of this parameter is the same as the dwFlags parameter in the ICertRequestD::Request method.

Request: A certificate (1) request. The type and value of this parameter is the same as the pctbRequest parameter in the ICertRequestD::Request method.

Output Parameters:

Disposition: Possible values are "Issued", "Pending", or "Error".

IssuedCertificate: Contains the requested certificate, if it has been issued. The type and value of this parameter is the same as the pctbEncodedCert parameter in the ICertRequestD::Request method.

Response: Contains the CA response if a certificate has been issued. The type and value of this parameter is the same as the pctbCertChain parameter in the ICertRequestD::Request method.

Processing:

  1. Initialize a DCOM client as specified in section 2.1 by using the value of the ServerName input parameter as the remote server name setting of the DCOM client. If the initialization did not succeed, then set the Disposition output parameter to "Error".

  2. Determine the version of the certificate request interface supported by the server by following the processing rules specified in section 3.1.1.4. If errors were encountered, set the Disposition output parameter to "Error".

  3. If the server supports the ICertRequestD2 (section 3.2.1.4.3) interface, then

    1. Submit the certificate request by invoking ICertRequestD2::Request2 (section 3.2.1.4.3.1), using the following parameters:

      • pwszAuthority: set to the value of the CAName input parameter.

      • dwFlags: set to the value of the Flags input parameter.

      • pdwRequestId: set to 0.

      • pwszSerialNumber: NULL

      • pwszAttributes: NULL

      • pctbRequest: set to the value of the Request input parameter.

    2. If the return value of the ICertRequestD2::Request2 method is zero and:

      1. If ICertRequestD2::Request2 returns pdwDisposition with value of CR_DISP_ISSUED, set the Disposition output parameter to "Issued".

      2. If ICertRequestD2::Request2 returns pdwDisposition with value of CR_DISP_UNDER_SUBMISSION, and if the CA response is not a challenge message (as described in section 3.2.2.6.2.1.2.6), then set the Disposition output parameter to "Pending"; otherwise, the client SHOULD invoke the processing rules in section 3.1.1.4.3.4.1.2 using the CA response. Perform step 1 again with the Request parameter set to the enveloped data created in section 3.1.1.4.3.4.1.2.<33>

      3. Else, set the Disposition output parameter to "Error".

    3. If the return value of ICertRequestD::Request method is nonzero, set the Disposition output parameter to "Error".

    4. If Disposition equals "Issued", set the IssuedCertificate output parameter to the value of the pctbEncodedCert and set the Response output parameter to the value of the pctbCertChain returned by ICertRequestD2::Request2.

  4. If the server does not support the ICertRequestD2 interface, then

    1. Submit the certificate request by invoking ICertRequestD::Request, using the following parameters:

      • pwszAuthority: set to the value of the CAName input parameter.

      • dwFlags: set to the value of the Flags input parameter.

      • pdwRequestId: set to 0.

      • pwszAttributes: NULL.

      • pctbRequest: set to the value of the Request input parameter.

    2. If the return value of the ICertRequestD::Request method is zero and:

      1. If ICertRequestD::Request returns pdwDisposition with value of CR_DISP_ISSUED, set the Disposition output parameter to "Issued".

      2. If ICertRequestD::Request returns pdwDisposition with value of CR_DISP_UNDER_SUBMISSION, set the Disposition output parameter to "Pending".

      3. Else, set the Disposition output parameter to "Error".

    3. If the return value of the ICertRequestD::Request method is nonzero, set the Disposition output parameter to "Error".

    4. If Disposition equals "Issued", set the IssuedCertificate output parameter to the value of the pctbEncodedCert and set the Response output parameter to the value of the pctbCertChain returned by ICertRequestD::Request.