Certificate generation with IE7 on Vista
Requirements:
- You must enable ActiveX for this to work.
- On Vista you have to add this website to the list of trusted sites in the Internet settings.
  Go to Extras (Tools) -> Internet Options -> Security -> Trusted Websites, click on Custom Level, and enable "Initialize and script ActiveX controls not marked as safe for scripting".
This page shows how to add Vista compatibility to existing CA software. The following code is made available under Apache License or BSD license by CAcert Inc. and the original author Philipp Gühring. Other licenses are likely available on demand.
Assumptions: The XP version usually had this object defined, which has the id "cec" in our case:
    <object classid="clsid:..xenroll.dll id="cec">
We have the listbox CspProvider, where the user can choose which CryptoProvider to use:
    <select name="CspProvider">
And we have a hidden field, which tells us which kind of browser/operating system request we got:
    <input type="hidden" name="keytype" value="MS">
- MS = Old Win2k/XP style
- VI = Vista
- NS = Netscape Keygen
The first step is to get the provider list from the operating system.
In the function GetProviderList, which queries for all the Cryptoproviders available on the system and fills the listbox CspProvider with them:
    Function GetProviderList()
we add the following code:
    On Error Resume Next
    ' Vista:
    Set csps = CreateObject("X509Enrollment.CCspInformations")
    If IsObject(csps) Then
        ' Load every CSP installed on this machine
        csps.AddAvailableCsps()
        Document.CertReqForm.keytype.value="VI"
        For j = 0 to csps.Count-1
            Set oOption = document.createElement("OPTION")
            oOption.text = csps.ItemByIndex(j).Name
            oOption.value = j
            Document.CertReqForm.CspProvider.add(oOption)
        Next
    Else
        ' 2000,XP:
And then the function continues with the old Win2K and XP style cec.enumProviders handling. At the end of the function, we need the
    End If
    End Function
to close the If.
The next step is to generate the CSR:
In the function that generates the certificate (usually called when the user clicks on the Submit button), we add the following code:
    ' Vista
    If Document.CertReqForm.keytype.value="VI" Then
        Dim g_objClassFactory
        Dim obj
        Dim objPrivateKey
        Dim g_objRequest
        Dim g_objRequestCMC
        Set g_objClassFactory=CreateObject("X509Enrollment.CX509EnrollmentWebClassFactory")
        Set obj=g_objClassFactory.CreateObject("X509Enrollment.CX509Enrollment")
        Set objPrivateKey=g_objClassFactory.CreateObject("X509Enrollment.CX509PrivateKey")
        Set objRequest=g_objClassFactory.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10")
        ' Use the provider the user picked in the CspProvider listbox
        objPrivateKey.ProviderName = Document.CertReqForm.CspProvider(Document.CertReqForm.CspProvider.selectedIndex).text
        ' 24 = PROV_RSA_AES
        objPrivateKey.ProviderType = "24"
        ' 1 = AT_KEYEXCHANGE
        objPrivateKey.KeySpec = "1"
        ' 1 = user context
        objRequest.InitializeFromPrivateKey 1, objPrivateKey, ""
        Set objDN = g_objClassFactory.CreateObject("X509Enrollment.CX500DistinguishedName")
        objDN.Encode("CN=Dummy")
        objRequest.Subject = objDN
        ' obj.Initialize(1)
        obj.InitializeFromRequest(objRequest)
        obj.CertificateDescription="Description"
        obj.CertificateFriendlyName="FriendlyName"
        ' 1 = base64 without header lines
        CSR=obj.CreateRequest(1)
        If len(CSR)<>0 Then Exit Function
        Msgbox "Error while generating the certificate-request. Please make sure that you have added this website to the list of trusted sites in the Internet-Options menu!"
    Else
        ' XP
then we have the old XP style code.
At the end of the function we need
    End If
    End Function
again.
This should generate a normal CSR, similar to the one generated by Win2K and WinXP.
Finally, here is the code needed to install the created certificate in the next step:
    On Error Resume Next
    Dim obj
    Set obj=CreateObject("X509Enrollment.CX509Enrollment")
    If IsObject(obj) Then
        ' 1 = user context
        obj.Initialize(1)
        ' certchain holds the response from the CA
        obj.InstallResponse 0,certchain,0,""
        If err.number<>0 Then
            msgbox err.Description
        Else
            msgbox "Certificate installed successfully. Please don't forget to backup now"
        End If
    Else
        .
        .
        .
    End If
As usual, the Win2K/XP style code continues, and we need an End If at the end.
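On the CA side, the string returned by CreateRequest(1) arrives as base64 without PEM header lines, so it has to be checked and wrapped before it is passed to the signing backend. The following is an added example, not part of the original CAcert code: the function name and the idea of posting the CSR in a form field are assumptions, and it only checks the outer PKCS#10 structure, leaving signature verification to the backend.

```python
import base64
import binascii

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER length exceeds input")
    return tag, pos, pos + length

def vista_csr_to_pem(keytype, csr_field):
    """Validate the posted CSR of a keytype=VI request and return it as PEM."""
    if keytype != "VI":                    # MS and NS go to their existing handlers
        raise ValueError("not a Vista request")
    try:
        # CertEnroll inserts CR/LF line breaks; strip all whitespace first
        der = base64.b64decode("".join(csr_field.split()), validate=True)
    except binascii.Error as exc:
        raise ValueError("CSR field is not base64") from exc
    # PKCS#10: SEQUENCE { requestInfo SEQUENCE, sigAlg SEQUENCE, signature BIT STRING }
    tag, pos, end = _tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    for want in (0x30, 0x30, 0x03):
        tag, _, pos = _tlv(der, pos)
        if tag != want:
            raise ValueError("unexpected PKCS#10 structure")
    if pos != end:
        raise ValueError("trailing data inside request")
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE REQUEST-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE REQUEST-----\n")

# Constructed structural placeholder (no real key or signature), with CRLF as posted
SAMPLE_FIELD = "MAowAwIBADAAAwEA\r\n"

if __name__ == "__main__":
    print(vista_csr_to_pem("VI", SAMPLE_FIELD))
```

Because the request subject is only the placeholder CN=Dummy, the certificate subject has to come from the CA's own records, not from the CSR.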
