Using the Enrollment Client Sample (Windows CE 5.0)
Windows CE provides a code sample that illustrates the client role in certificate enrollment. The sample obtains a certificate for a Windows CE device from a server running Microsoft Windows 2000 or Windows Server 2003 with Web enrollment support installed. For the sample, the certificate authority is a Windows 2000 Certificate Server. The client sample is Enroll.exe, and it is located in the %_WINCEROOT%\Public\Common\Sdk\Samples\Enroll directory.
For more information about the Microsoft Certificate Server, see the Microsoft TechNet technical articles titled "Windows 2000 Certificate Services" and "Step by Step Guide for Setting up a Certificate Authority".
The enrollment process between the client (the Enroll.exe sample) and the certificate authority (Windows 2000 Certificate Server) involves the following steps:
- Authenticating the client or user.
- Creating a PKCS #10 request.
- Posting the request.
- Retrieving the certificate.
In a Windows desktop environment, Microsoft Certificate Services provides a set of customizable Active Server Pages (ASP) to handle the various stages of certificate enrollment. Most of these pages communicate with a Windows desktop client through the Certificate Enrollment Control. The Certificate Enrollment Control is a Microsoft ActiveX® control that handles all the client-side operations in an enrollment scenario. The ASP pages combined with the Certificate Enrollment Control provide an Internet browser-based enrollment sample. However, many Windows CE devices do not have a browser and still require certificate enrollment capabilities. Because of that constraint, the Enroll.exe sample provides enrollment in an environment that does not include a fully functional browser.
**Note** The Windows CE operating system does not contain Xenroll.dll, and therefore does not support the ICEnroll interface that is available on the standard Windows operating system.
The Windows CE enrollment scheme is based on standard Internet and Internet Engineering Task Force (IETF) protocols and can interact with the Windows 2000 Certificate Server without requiring added customization of the supplied templates and sample ASP pages.
The following illustration shows the basic architecture of the certificate enrollment technology in Windows CE.
See Also
Certificates OS Design Development | How to Enroll for a Certificate Using the Default Settings | How to Enroll for a Certificate Using the Modified Settings | Creating an Enrollment Environment | Configuring Enroll.exe