Certificate generation with IE7 on Vista
Requirements:
- You must enable ActiveX for this to work.
- On Vista you have to add this website to the list of trusted sites in the Internet settings.
Go to Extras->Internet Options->Security->Trusted Websites, click on Custom Level, and enable "Initialize and script ActiveX controls not marked as safe for scripting".
This page shows how to add Vista compatibility to existing CA software. The following code is made available under Apache License or BSD license by CAcert Inc. and the original author Philipp Gühring. Other licenses are likely available on demand.
Assumptions: The XP version usually had this object defined, which has the id "cec" in our case:

    <object classid="clsid:..xenroll.dll id="cec">

We have the listbox CspProvider, where the user can choose which CryptoProvider to use:

    <select name="CspProvider">

And we have a hidden field, which tells us which kind of browser/operating system request we got:

    <input type="hidden" name="keytype" value="MS">

MS = Old Win2k/XP style, VI = Vista, NS = Netscape Keygen
The first step is to get the provider list from the operating system.
In the function GetProviderList, which queries all the crypto providers available on the system and fills the listbox CspProvider with them:

    Function GetProviderList()

we add the following code:

    On Error Resume Next
    ' Vista:
    Set csps = CreateObject("X509Enrollment.CCspInformations")
    If IsObject(csps) Then
      csps.AddAvailableCsps()
      Document.CertReqForm.keytype.value="VI"
      For j = 0 to csps.Count-1
        Set oOption = document.createElement("OPTION")
        oOption.text = csps.ItemByIndex(j).Name
        oOption.value = j
        Document.CertReqForm.CspProvider.add(oOption)
      Next
    Else
    ' 2000,XP:

And then the function continues with the old Win2K and XP style cec.enumProviders handling. At the end of the function, we need the

    End If
    End Function

to close the If.
The next step is to generate the CSR:
In the function that generates the certificate (usually called when the user clicks on the Submit button), we add the following code:

    ' Vista
    If Document.CertReqForm.keytype.value="VI" Then
      Dim g_objClassFactory
      Dim obj
      Dim objPrivateKey
      Dim g_objRequest
      Dim g_objRequestCMC
      Set g_objClassFactory=CreateObject("X509Enrollment.CX509EnrollmentWebClassFactory")
      Set obj=g_objClassFactory.CreateObject("X509Enrollment.CX509Enrollment")
      Set objPrivateKey=g_objClassFactory.CreateObject("X509Enrollment.CX509PrivateKey")
      Set objRequest=g_objClassFactory.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10")
      objPrivateKey.ProviderName = Document.CertReqForm.CspProvider(Document.CertReqForm.CspProvider.selectedIndex).text
      objPrivateKey.ProviderType = "24"   ' 24 = PROV_RSA_AES
      objPrivateKey.KeySpec = "1"         ' 1 = AT_KEYEXCHANGE
      ' First argument 1 = user context
      objRequest.InitializeFromPrivateKey 1, objPrivateKey, ""
      Set objDN = g_objClassFactory.CreateObject("X509Enrollment.CX500DistinguishedName")
      objDN.Encode("CN=Dummy")
      objRequest.Subject = objDN
      ' obj.Initialize(1)
      obj.InitializeFromRequest(objRequest)
      obj.CertificateDescription="Description"
      obj.CertificateFriendlyName="FriendlyName"
      ' Encoding 1 = base64 without header lines
      CSR=obj.CreateRequest(1)
      If len(CSR)<>0 Then Exit Function
      Msgbox "Error while generating the certificate-request. Please make sure that you have added this website to the list of trusted sites in the Internet-Options menu!"
    Else
    ' XP

then we have the old XP style code.
At the end of the function we need

    End If
    End Function

again.
This should generate a normal CSR, similar to the one generated by Win2K and WinXP.

Finally, the code needed to install the created certificate in the next step:

    On Error Resume Next
    Dim obj
    Set obj=CreateObject("X509Enrollment.CX509Enrollment")
    If IsObject(obj) Then
      obj.Initialize(1)
      obj.InstallResponse 0,certchain,0,""
      If err.number<>0 Then
        msgbox err.Description
      Else
        msgbox "Certificate installed successfully. Please don't forget to backup now"
      End If
    Else
      . . .
    End If

As usual, the Win2K/XP style code continues, and we need an End If at the end.
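
Server-side intake of the submitted request, as an added example that is not part of the original page or CAcert's code: CreateRequest(1) returns the PKCS#10 request as bare base64, so the receiving CA software has to check its framing and add PEM armour before passing it to its X.509 tooling. The function names and the idea of a single form field carrying the CSR are assumptions; only the keytype values MS, VI and NS come from this page.

```python
import base64
import binascii
import re

PEM_HEADER = "-----BEGIN CERTIFICATE REQUEST-----"
PEM_FOOTER = "-----END CERTIFICATE REQUEST-----"
PKCS10_KEYTYPES = {"MS", "VI"}  # keytype values from the form; NS (keygen) is not PKCS#10


def der_is_single_sequence(der: bytes) -> bool:
    """True if der is exactly one definite-length DER SEQUENCE with no trailing bytes."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:  # short-form length
        header, length = 2, der[1]
    else:  # long form: low 7 bits give the number of length octets
        n = der[1] & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)


def csr_field_to_pem(keytype: str, csr_field: str) -> str:
    """Validate the framing of a browser-submitted PKCS#10 request and return it as PEM."""
    if keytype not in PKCS10_KEYTYPES:
        raise ValueError("keytype %r does not carry a PKCS#10 request" % keytype)
    body = re.sub(r"-----[A-Z ]+-----", "", csr_field)  # drop PEM armour if present
    body = "".join(body.split())  # drop CR/LF and other whitespace
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError("CSR field is not valid base64") from exc
    if not der_is_single_sequence(der):
        raise ValueError("decoded CSR is not a single DER SEQUENCE")
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([PEM_HEADER, *lines, PEM_FOOTER]) + "\n"


if __name__ == "__main__":
    # Constructed sample: correct outer DER framing only, not a real request.
    fake_der = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(256)
    field = base64.encodebytes(fake_der).decode("ascii").replace("\n", "\r\n")
    print(csr_field_to_pem("VI", field))
```

This only checks the outer encoding; verifying the request's signature and deciding which subject to issue (the client code above sends CN=Dummy) remain the CA's job.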