== Certificate generation with IE7 on Vista ==

Requirements:

 * You must enable ActiveX for this to work.
 * On Vista you have to add this website to the list of trusted sites in the Internet settings.
 * Go to Tools (Extras)->Internet Options->Security->Trusted sites, click on Custom Level, and enable "Initialize and script ActiveX controls not marked as safe for scripting".

This page shows how to add Vista compatibility to existing CA software.

The following code is made available under Apache License or BSD license by CAcert Inc. and the original author Philipp Gühring. Other licenses are likely available on demand.

Assumptions:

The XP version usually had this object defined, which has the id "cec" in our case:

We have the listbox CspProvider, where the user can choose which CryptoProvider to use: MS = Old Win2k/XP style, VI = Vista, NS = Netscape Keygen

The first step is to get the provider list from the operating system. The function GetProviderList queries all the CryptoProviders available on the system and fills the listbox CspProvider with them. Directly after its opening line

{{{
Function GetProviderList()
}}}

we add the following code:

{{{
On Error Resume Next
' Vista: if this object cannot be created, fall through to the 2000/XP branch
Set csps = CreateObject("X509Enrollment.CCspInformations")
If IsObject(csps) Then
  csps.AddAvailableCsps()
  Document.CertReqForm.keytype.value="VI"
  For j = 0 to csps.Count-1
    Set oOption = document.createElement("OPTION")
    oOption.text = csps.ItemByIndex(j).Name
    oOption.value = j
    Document.CertReqForm.CspProvider.add(oOption)
  Next
Else
  ' 2000,XP:
}}}

The function then continues with the old Win2K and XP style cec.enumProviders handling. At the end of the function, we need the

{{{
End If
End Function
}}}

to close the If.

The next step is to generate the CSR. In the function that generates the certificate (usually called when the user clicks on the Submit button), we add the following code:

{{{
' Vista
if Document.CertReqForm.keytype.value="VI" Then
  Dim g_objClassFactory
  Dim obj
  Dim objPrivateKey
  Dim g_objRequest
  Dim g_objRequestCMC
  Set g_objClassFactory=CreateObject("X509Enrollment.CX509EnrollmentWebClassFactory")
  Set obj=g_objClassFactory.CreateObject("X509Enrollment.CX509Enrollment")
  Set objPrivateKey=g_objClassFactory.CreateObject("X509Enrollment.CX509PrivateKey")
  Set objRequest=g_objClassFactory.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10")
  objPrivateKey.ProviderName = Document.CertReqForm.CspProvider(Document.CertReqForm.CspProvider.selectedIndex).text
  objPrivateKey.ProviderType = "24"  ' 24 = PROV_RSA_AES
  objPrivateKey.KeySpec = "1"        ' 1 = AT_KEYEXCHANGE
  ' First argument 1 = ContextUser (key is created in the user's store)
  objRequest.InitializeFromPrivateKey 1, objPrivateKey, ""
  Set objDN = g_objClassFactory.CreateObject("X509Enrollment.CX500DistinguishedName")
  objDN.Encode("CN=Dummy")
  objRequest.Subject = objDN

  ' obj.Initialize(1)
  obj.InitializeFromRequest(objRequest)
  obj.CertificateDescription="Description"
  obj.CertificateFriendlyName="FriendlyName"
  ' Encoding 1 = base64 without BEGIN/END header lines
  CSR=obj.CreateRequest(1)
  If len(CSR)<>0 Then Exit Function
  Msgbox "Error while generating the certificate-request. Please make sure that you have added this website to the list of trusted sites in the Internet-Options menu!"
else
  ' XP
}}}

After that comes the old XP style code. At the end of the function we again need

{{{
End if
End Function
}}}

This should generate a normal CSR, similar to the one generated by Win2K and WinXP.

Finally, the code needed to install the issued certificate in the next step:

{{{
On Error Resume Next
Dim obj
Set obj=CreateObject("X509Enrollment.CX509Enrollment")
If IsObject(obj) Then
  obj.Initialize(1)
  obj.InstallResponse 0,certchain,0,""
  if err.number<>0 then
    msgbox err.Description
  else
    msgbox "Certificate installed successfully. Please don't forget to backup now"
  end if
else
  ' ... (the Win2K/XP style code continues here)
End If
}}}

As usual, the Win2K/XP style code continues in the else branch, and we need an ''End If'' at the end.

----
CategorySoftware
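
For the CA side of the CSR step above, an added example that is not part of the original page or of CAcert's code: `CreateRequest(1)` returns base64 without BEGIN/END header lines, so the receiving handler has to check the framing and wrap the value into PEM before PEM-reading CA tooling can process it. The function names, the size limit and the idea of a Python handler are assumptions made for this illustration.

```python
import base64
import binascii
import re

MAX_B64_CHARS = 16384  # assumed upper bound for one posted CSR


def _der_sequence_span(der: bytes) -> int:
    """Return the total size (header + content) declared by the outer SEQUENCE."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    first = der[1]
    if first < 0x80:                      # short form: length in one octet
        return 2 + first
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("unsupported DER length")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def csr_to_pem(posted: str) -> str:
    """Turn the header-less base64 from CreateRequest(1) into a PEM CSR."""
    body = re.sub(r"\s+", "", posted)     # drop CR/LF and other whitespace
    if not body or len(body) > MAX_B64_CHARS:
        raise ValueError("empty or oversized CSR")
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError("CSR is not valid base64") from exc
    # The blob must be exactly one DER SEQUENCE: no truncation, no trailing bytes.
    if _der_sequence_span(der) != len(der):
        raise ValueError("truncated CSR or trailing data")
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE REQUEST-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE REQUEST-----\n")


if __name__ == "__main__":
    # Constructed sample: SEQUENCE { INTEGER 0 }, framing only, not a real CSR.
    print(csr_to_pem("MAMC\r\nAQA="))
```

This only validates the encoding and outer framing; the CSR's self-signature and key parameters still have to be checked by the CA software, and since the subject is only CN=Dummy the certificate's subject has to come from the CA's own records.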