Discussion:
Storing certificates into Trusted Root Certification Authority programmatically
swapnil
2009-12-21 09:01:11 UTC
Hi All,
I have a client certificate (.pfx PKCS12 file) and I want to
put that in Trusted Root Certification Authority. I can always right
click on the certificate and say install, but I want to do that in a
programmatic way. How can I do this programmatically? I tried
overriding RemoteCertificateValidationCallback
(CertificateValidationCallback), which seemed to work for allowing the
client's certificate on the server (by returning true), but this is not
working in the same way for allowing the server's certificate on the client side,
just by returning true from that callback routine in the client program.
Still it says the remote, i.e. the server's, certificate is null.

Thanks in advance,
Swapnil
Mounir IDRASSI
2009-12-27 19:27:01 UTC
Hi,

You can import a root certificate into the Trusted Root Certificate Store
using the function CertAddCertificateContextToStore:

- Call CertCreateCertificateContext using your certificate content bytes
in order to obtain a PCCERT_CONTEXT
- Call CertOpenSystemStore with szSubsystemProtocol set to "ROOT" in
order to obtain a HCERTSTORE
- Call CertAddCertificateContextToStore using the above HCERTSTORE and
PCCERT_CONTEXT.

Note that there will still be a confirmation dialog that shows up so that
the user can validate this operation. So, if the user clicks cancel, the
function CertAddCertificateContextToStore will fail and GetLastError will
return ERROR_CANCELLED.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

To reach me: mounir_idrix_fr (replace the underscores with the at and dot
characters respectively)
swapnil
2009-12-28 14:31:13 UTC
Thanks Mounir for your reply. I have done it using this way only. It's
working fine.
anupama joshi
2010-10-24 21:02:22 UTC
Hi,
I want to add a certificate which is trusted and may be self-signed or from a CA, but needs to be used as a trusted root. When I open an in-memory store using CertOpenStore and add the cert there, I get an error in the handshake.
If I use the system store "Root" and add it to the Root store it works fine, but then it shows the dialog, which I do not want. Also, the cert then remains in the store.
I want a memory store, but the cert should be treated as trusted. What can I do?
Thanks
_Anupama
Here is my code:
if (hMemStore == NULL) {
    hMemStore = CertOpenStore(
        CERT_STORE_PROV_MEMORY, // The memory provider type
        0,                      // The encoding type is not needed
        NULL,                   // Use the default HCRYPTPROV
        0,                      // Accept the default dwFlags
        NULL                    // pvPara is not used
    );
}

if (hMemStore)
{
    PLAYEROUTPUT(("The memory store was created successfully.\n"));

    for (U32 i = 0; i < certs->size(); i++) {
        BYTE *buf = certs->get(i);
        U32 len = lenArr->get(i);
        m_trustedCertificateBytes = buf;
        m_isCertTrustedAnchor = isTrustedArr->get(i);
        m_trustedCertificateLen = len;
        /* CertCreateContext
           CertCreateCTLEntryFromCertificateContextProperties */

        // Add the encoded certificate to the in-memory store;
        // CERT_STORE_ADD_USE_EXISTING keeps a copy that is already present.
        if (CertAddEncodedCertificateToStore(
                hMemStore,
                CERT_ENCODING_TYPE,
                m_trustedCertificateBytes,
                m_trustedCertificateLen,
                CERT_STORE_ADD_USE_EXISTING,
                NULL))
        {
            PLAYEROUTPUT(("Another certificate is added to the memory store.\n"));
        }
        else {
            PLAYEROUTPUT(("CertAddEncodedCertificateToStore failed with error code 0x%x.\n", ::GetLastError()));
        }
    }
}
Submitted via EggHeadCafe - Software Developer Portal of Choice
FireAndForget Asynchronous Utility Class for SQL Server Inserts and Updates
http://www.eggheadcafe.com/tutorials/aspnet/7a22d9a4-59fc-40b0-8337-75c76f14fb3b/fireandforget-asynchronous-utility-class-for-sql-server-inserts-and-updates.aspx
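Added example for the two problems raised in this thread, written in .NET since the first post is already working with RemoteCertificateValidationCallback; it is not code from any of the posters. Part (1) is the .NET equivalent of Mounir's CertOpenSystemStore("ROOT") / CertAddCertificateContextToStore steps, including where the confirmation dialog does and does not appear; part (2) answers Anupama's request to treat a root that exists only in memory as trusted without installing it, and replaces the "return true" callback (which accepts every certificate the peer presents) with a chain check pinned to that one anchor. The class and method names are my own, and it assumes a private CA without CRL/OCSP endpoints and a .NET version with X509ChainTrustMode.CustomRootTrust (.NET Core 2.0+ / .NET 5+).

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Example code for the thread, not the posters' own.
public static class RootTrust
{
    // (1) Equivalent of CertOpenSystemStore("ROOT") + CertAddCertificateContextToStore.
    // CurrentUser\Root raises the same confirmation dialog the thread describes;
    // LocalMachine\Root does not prompt but requires administrative rights.
    public static void InstallRoot(X509Certificate2 root, StoreLocation location)
    {
        using var store = new X509Store(StoreName.Root, location);
        store.Open(OpenFlags.ReadWrite);
        store.Add(root); // throws CryptographicException if the user cancels the dialog
    }

    // (2) Validation callback pinned to one in-memory anchor instead of "return true".
    // Requires X509ChainTrustMode.CustomRootTrust (.NET Core 2.0+ / .NET 5+, not .NET Framework).
    public static RemoteCertificateValidationCallback CallbackFor(X509Certificate2 trustedRoot)
    {
        return (sender, certificate, chain, sslPolicyErrors) =>
        {
            if (certificate == null) return false; // nothing presented, nothing to trust

            // Hostname checking is done by SslStream before the callback runs; keep that verdict.
            if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateNameMismatch) != 0) return false;

            using var custom = new X509Chain();
            custom.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
            custom.ChainPolicy.CustomTrustStore.Add(trustedRoot);
            // Assumption: private CA with no CRL/OCSP endpoint; otherwise leave revocation checking on.
            custom.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            // Intermediates the peer sent are in the original chain's ExtraStore; reuse them.
            if (chain != null) custom.ChainPolicy.ExtraStore.AddRange(chain.ChainPolicy.ExtraStore);

            using var leaf = new X509Certificate2(certificate);
            // Build fails with UntrustedRoot when the path does not end in CustomTrustStore.
            if (!custom.Build(leaf)) return false;

            // Belt and braces: confirm the path really terminates at our anchor.
            var last = custom.ChainElements[custom.ChainElements.Count - 1].Certificate;
            return last.RawData.AsSpan().SequenceEqual(trustedRoot.RawData);
        };
    }
}
```

Wire it in with `new SslStream(stream, false, RootTrust.CallbackFor(root))`; a handshake against any server whose chain does not end at `root` now fails at AuthenticateAsClient instead of being silently accepted.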